diff --git a/SOURCES/policy-rhel-7.8-contrib.patch b/SOURCES/policy-rhel-7.8-contrib.patch index c5bad7b..6155bf9 100644 --- a/SOURCES/policy-rhel-7.8-contrib.patch +++ b/SOURCES/policy-rhel-7.8-contrib.patch @@ -1,12 +1,12 @@ diff --git a/.gitignore b/.gitignore new file mode 100644 -index 000000000..bea575523 +index 0000000000..bea5755230 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +TAGS diff --git a/abrt.fc b/abrt.fc -index 1a93dc578..e948aef59 100644 +index 1a93dc5781..e948aef597 100644 --- a/abrt.fc +++ b/abrt.fc @@ -1,31 +1,47 @@ @@ -81,7 +81,7 @@ index 1a93dc578..e948aef59 100644 -/var/spool/abrt-retrace(/.*)? gen_context(system_u:object_r:abrt_retrace_spool_t,s0) -/var/spool/retrace-server(/.*)? gen_context(system_u:object_r:abrt_retrace_spool_t,s0) diff --git a/abrt.if b/abrt.if -index 058d908e4..1b643bfb5 100644 +index 058d908e49..1b643bfb5d 100644 --- a/abrt.if +++ b/abrt.if @@ -1,4 +1,26 @@ @@ -579,7 +579,7 @@ index 058d908e4..1b643bfb5 100644 +') + diff --git a/abrt.te b/abrt.te -index eb50f070f..a00644903 100644 +index eb50f070fe..a006449032 100644 --- a/abrt.te +++ b/abrt.te @@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1) @@ -1208,7 +1208,7 @@ index eb50f070f..a00644903 100644 - -miscfiles_read_localization(abrt_domain) diff --git a/accountsd.fc b/accountsd.fc -index f9d8d7a92..068271030 100644 +index f9d8d7a929..0682710306 100644 --- a/accountsd.fc +++ b/accountsd.fc @@ -1,3 +1,5 @@ @@ -1218,7 +1218,7 @@ index f9d8d7a92..068271030 100644 /usr/lib/accountsservice/accounts-daemon -- gen_context(system_u:object_r:accountsd_exec_t,s0) diff --git a/accountsd.if b/accountsd.if -index bd5ec9ab0..554177cd2 100644 +index bd5ec9ab08..554177cd29 100644 --- a/accountsd.if +++ b/accountsd.if @@ -126,23 +126,51 @@ interface(`accountsd_manage_lib_files',` @@ -1279,7 +1279,7 @@ index bd5ec9ab0..554177cd2 100644 + allow $1 accountsd_unit_file_t:service all_service_perms; ') diff --git a/accountsd.te b/accountsd.te -index 3593510d8..7c13845fd 100644 +index 3593510d8e..7c13845fd0 100644 --- a/accountsd.te +++ b/accountsd.te @@ -4,6 +4,10 @@ gen_require(` @@ -1361,7 +1361,7 @@ index 3593510d8..7c13845fd 100644 + xserver_manage_xdm_etc_files(accountsd_t) ') diff --git a/acct.if b/acct.if -index 81280d008..bc4038b45 100644 +index 81280d0086..bc4038b45e 100644 --- a/acct.if +++ b/acct.if @@ -83,6 +83,24 @@ interface(`acct_manage_data',` @@ -1405,7 +1405,7 @@ index 81280d008..bc4038b45 100644 domain_system_change_exemption($1) role_transition $2 acct_initrc_exec_t system_r; diff --git a/acct.te b/acct.te -index 8b9ad83c5..f4f24864b 100644 +index 8b9ad83c5b..f4f24864b1 100644 --- a/acct.te +++ b/acct.te @@ -40,8 +40,6 @@ corecmd_exec_shell(acct_t) @@ -1435,7 +1435,7 @@ index 8b9ad83c5..f4f24864b 100644 userdom_dontaudit_use_unpriv_user_fds(acct_t) diff --git a/ada.te b/ada.te -index 8d42c97ae..2377f8f82 100644 +index 8d42c97ae9..2377f8f826 100644 --- a/ada.te +++ b/ada.te @@ -20,7 +20,7 @@ role ada_roles types ada_t; @@ -1448,7 +1448,7 @@ index 8d42c97ae..2377f8f82 100644 optional_policy(` unconfined_domain(ada_t) diff --git a/afs.fc b/afs.fc -index 8926c1696..206ea16fd 100644 +index 8926c1696e..206ea16fd5 100644 --- a/afs.fc +++ b/afs.fc @@ -3,6 +3,8 @@ @@ -1472,7 +1472,7 @@ index 8926c1696..206ea16fd 100644 /usr/afs/db -d gen_context(system_u:object_r:afs_dbdir_t,s0) /usr/afs/db/pr.* -- gen_context(system_u:object_r:afs_pt_db_t,s0) diff --git a/afs.if b/afs.if -index 3b41be699..97d99f979 100644 +index 3b41be6994..97d99f979f 100644 --- a/afs.if +++ b/afs.if @@ -38,6 +38,24 @@ interface(`afs_rw_udp_sockets',` @@ -1522,7 +1522,7 @@ index 3b41be699..97d99f979 100644 afs_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/afs.te b/afs.te -index 90ce63748..8cf712d15 100644 +index 90ce63748d..8cf712d15b 100644 --- a/afs.te +++ b/afs.te @@ -72,7 +72,7 @@ role system_r types afs_vlserver_t; @@ -1713,7 +1713,7 @@ index 90ce63748..8cf712d15 100644 sysnet_read_config(afs_domain) + diff --git a/aiccu.if b/aiccu.if -index 3b5dcb947..fbe187fe1 100644 +index 3b5dcb9470..fbe187fe1e 100644 --- a/aiccu.if +++ b/aiccu.if @@ -79,9 +79,13 @@ interface(`aiccu_admin',` @@ -1732,7 +1732,7 @@ index 3b5dcb947..fbe187fe1 100644 domain_system_change_exemption($1) role_transition $2 aiccu_initrc_exec_t system_r; diff --git a/aiccu.te b/aiccu.te -index 5d2b90e04..7374df0b9 100644 +index 5d2b90e04c..7374df0b9c 100644 --- a/aiccu.te +++ b/aiccu.te @@ -48,7 +48,6 @@ corenet_all_recvfrom_unlabeled(aiccu_t) @@ -1770,7 +1770,7 @@ index 5d2b90e04..7374df0b9 100644 sysnet_dns_name_resolve(aiccu_t) sysnet_domtrans_ifconfig(aiccu_t) diff --git a/aide.if b/aide.if -index 01cbb67df..94a4a2406 100644 +index 01cbb67df8..94a4a24062 100644 --- a/aide.if +++ b/aide.if @@ -67,9 +67,13 @@ interface(`aide_admin',` @@ -1789,7 +1789,7 @@ index 01cbb67df..94a4a2406 100644 files_list_etc($1) diff --git a/aide.te b/aide.te -index 03831e6e5..e7d9dd97e 100644 +index 03831e6e52..e7d9dd97e6 100644 --- a/aide.te +++ b/aide.te @@ -10,6 +10,7 @@ attribute_role aide_roles; @@ -1842,7 +1842,7 @@ index 03831e6e5..e7d9dd97e 100644 optional_policy(` seutil_use_newrole_fds(aide_t) diff --git a/aisexec.if b/aisexec.if -index a2997fa57..861cebdf9 100644 +index a2997fa57a..861cebdf90 100644 --- a/aisexec.if +++ b/aisexec.if @@ -83,9 +83,13 @@ interface(`aisexecd_admin',` @@ -1861,7 +1861,7 @@ index a2997fa57..861cebdf9 100644 domain_system_change_exemption($1) role_transition $2 aisexec_initrc_exec_t system_r; diff --git a/aisexec.te b/aisexec.te -index 4e4f06364..808e067e8 100644 +index 4e4f063649..808e067e82 100644 --- a/aisexec.te +++ b/aisexec.te @@ -63,6 +63,7 @@ files_pid_filetrans(aisexec_t, aisexec_var_run_t, { file sock_file }) @@ -1895,7 +1895,7 @@ index 4e4f06364..808e067e8 100644 rhcs_rw_fenced_semaphores(aisexec_t) diff --git a/ajaxterm.fc b/ajaxterm.fc new file mode 100644 -index 000000000..aeb1888a7 +index 0000000000..aeb1888a78 --- /dev/null +++ b/ajaxterm.fc @@ -0,0 +1,6 @@ @@ -1907,7 +1907,7 @@ index 000000000..aeb1888a7 +/var/run/ajaxterm\.pid -- gen_context(system_u:object_r:ajaxterm_var_run_t,s0) diff --git a/ajaxterm.if b/ajaxterm.if new file mode 100644 -index 000000000..7abe946d4 +index 0000000000..7abe946d42 --- /dev/null +++ b/ajaxterm.if @@ -0,0 +1,90 @@ @@ -2003,7 +2003,7 @@ index 000000000..7abe946d4 +') diff --git a/ajaxterm.te b/ajaxterm.te new file mode 100644 -index 000000000..a95a4adf3 +index 0000000000..a95a4adf3b --- /dev/null +++ b/ajaxterm.te @@ -0,0 +1,60 @@ @@ -2068,7 +2068,7 @@ index 000000000..a95a4adf3 +') + diff --git a/alsa.fc b/alsa.fc -index 33d9d3111..58bf1829a 100644 +index 33d9d31116..58bf1829ac 100644 --- a/alsa.fc +++ b/alsa.fc @@ -23,4 +23,10 @@ ifdef(`distro_debian',` @@ -2084,7 +2084,7 @@ index 33d9d3111..58bf1829a 100644 + +/var/run/alsactl\.pid -- gen_context(system_u:object_r:alsa_var_run_t,s0) diff --git a/alsa.if b/alsa.if -index ca8d8cf3b..053a30ad4 100644 +index ca8d8cf3b5..053a30ad41 100644 --- a/alsa.if +++ b/alsa.if @@ -168,6 +168,7 @@ interface(`alsa_manage_home_files',` @@ -2200,7 +2200,7 @@ index ca8d8cf3b..053a30ad4 100644 ######################################### diff --git a/alsa.te b/alsa.te -index 4b153f179..a799cd394 100644 +index 4b153f1797..a799cd3947 100644 --- a/alsa.te +++ b/alsa.te @@ -15,6 +15,9 @@ role alsa_roles types alsa_t; @@ -2281,7 +2281,7 @@ index 4b153f179..a799cd394 100644 userdom_manage_unpriv_user_shared_mem(alsa_t) userdom_search_user_home_dirs(alsa_t) diff --git a/amanda.fc b/amanda.fc -index 7f4dfbca3..e5c9f45b8 100644 +index 7f4dfbca3c..e5c9f45b83 100644 --- a/amanda.fc +++ b/amanda.fc @@ -1,5 +1,6 @@ @@ -2301,7 +2301,7 @@ index 7f4dfbca3..e5c9f45b8 100644 /usr/sbin/amrecover -- gen_context(system_u:object_r:amanda_recover_exec_t,s0) diff --git a/amanda.te b/amanda.te -index 519051c7d..5f838c4dd 100644 +index 519051c7db..5f838c4dd9 100644 --- a/amanda.te +++ b/amanda.te @@ -9,11 +9,14 @@ attribute_role amanda_recover_roles; @@ -2448,7 +2448,7 @@ index 519051c7d..5f838c4dd 100644 + fstools_signal(amanda_t) +') diff --git a/amavis.fc b/amavis.fc -index 17689a707..8aa684917 100644 +index 17689a7071..8aa684917e 100644 --- a/amavis.fc +++ b/amavis.fc @@ -12,8 +12,6 @@ ifdef(`distro_debian',` @@ -2461,7 +2461,7 @@ index 17689a707..8aa684917 100644 /var/lib/amavis(/.*)? gen_context(system_u:object_r:amavis_var_lib_t,s0) diff --git a/amavis.if b/amavis.if -index 60d4f8c90..18ef0772c 100644 +index 60d4f8c90c..18ef0772c3 100644 --- a/amavis.if +++ b/amavis.if @@ -54,6 +54,7 @@ interface(`amavis_read_spool_files',` @@ -2515,7 +2515,7 @@ index 60d4f8c90..18ef0772c 100644 domain_system_change_exemption($1) role_transition $2 amavis_initrc_exec_t system_r; diff --git a/amavis.te b/amavis.te -index 91fa72ae1..be1f9677d 100644 +index 91fa72ae12..be1f9677d8 100644 --- a/amavis.te +++ b/amavis.te @@ -16,6 +16,7 @@ gen_tunable(amavis_use_jit, false) @@ -2617,7 +2617,7 @@ index 91fa72ae1..be1f9677d 100644 postfix_read_config(amavis_t) postfix_list_spool(amavis_t) diff --git a/amtu.te b/amtu.te -index 16d0d66eb..60abfd080 100644 +index 16d0d66eba..60abfd080e 100644 --- a/amtu.te +++ b/amtu.te @@ -24,11 +24,10 @@ kernel_read_system_state(amtu_t) @@ -2634,7 +2634,7 @@ index 16d0d66eb..60abfd080 100644 optional_policy(` nscd_dontaudit_search_pid(amtu_t) diff --git a/anaconda.fc b/anaconda.fc -index b098089d0..fe35bebfd 100644 +index b098089d08..fe35bebfd2 100644 --- a/anaconda.fc +++ b/anaconda.fc @@ -1 +1,13 @@ @@ -2652,7 +2652,7 @@ index b098089d0..fe35bebfd 100644 +/var/lib/preupgrade(/.*)? gen_context(system_u:object_r:preupgrade_data_t,s0) +/var/log/preupgrade(/.*)? gen_context(system_u:object_r:preupgrade_data_t,s0) diff --git a/anaconda.if b/anaconda.if -index 14a61b7e1..76d93294d 100644 +index 14a61b7e11..76d93294de 100644 --- a/anaconda.if +++ b/anaconda.if @@ -1 +1,132 @@ @@ -2789,7 +2789,7 @@ index 14a61b7e1..76d93294d 100644 + files_search_var_lib($1) +') diff --git a/anaconda.te b/anaconda.te -index aa44abfe4..9efa1f20b 100644 +index aa44abfe4d..9efa1f20b1 100644 --- a/anaconda.te +++ b/anaconda.te @@ -4,6 +4,10 @@ gen_require(` @@ -2894,7 +2894,7 @@ index aa44abfe4..9efa1f20b 100644 +') diff --git a/antivirus.fc b/antivirus.fc new file mode 100644 -index 000000000..219f32db0 +index 0000000000..219f32db00 --- /dev/null +++ b/antivirus.fc @@ -0,0 +1,44 @@ @@ -2944,7 +2944,7 @@ index 000000000..219f32db0 + diff --git a/antivirus.if b/antivirus.if new file mode 100644 -index 000000000..36251b926 +index 0000000000..36251b9266 --- /dev/null +++ b/antivirus.if @@ -0,0 +1,325 @@ @@ -3275,7 +3275,7 @@ index 000000000..36251b926 +') diff --git a/antivirus.te b/antivirus.te new file mode 100644 -index 000000000..784eeb11a +index 0000000000..784eeb11a8 --- /dev/null +++ b/antivirus.te @@ -0,0 +1,272 @@ @@ -3552,7 +3552,7 @@ index 000000000..784eeb11a + spamassassin_read_pid_files(antivirus_domain) +') diff --git a/apache.fc b/apache.fc -index 7caefc353..1edf14e25 100644 +index 7caefc3538..1edf14e25c 100644 --- a/apache.fc +++ b/apache.fc @@ -1,162 +1,219 @@ @@ -3915,7 +3915,7 @@ index 7caefc353..1edf14e25 100644 +/var/run/dirsrv/admin-serv.* gen_context(system_u:object_r:httpd_var_run_t,s0) +/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) diff --git a/apache.if b/apache.if -index f6eb4851f..94c92bab0 100644 +index f6eb4851f1..94c92bab0f 100644 --- a/apache.if +++ b/apache.if @@ -1,9 +1,9 @@ @@ -5613,7 +5613,7 @@ index f6eb4851f..94c92bab0 100644 + ps_process_pattern(httpd_t, $1) ') diff --git a/apache.te b/apache.te -index 6649962b6..e51965af4 100644 +index 6649962b6e..e51965af4b 100644 --- a/apache.te +++ b/apache.te @@ -5,280 +5,346 @@ policy_module(apache, 2.7.2) @@ -8010,7 +8010,7 @@ index 6649962b6..e51965af4 100644 + ') ') diff --git a/apcupsd.fc b/apcupsd.fc -index 5ec0e13c8..97c204fe5 100644 +index 5ec0e13c87..97c204fe51 100644 --- a/apcupsd.fc +++ b/apcupsd.fc @@ -1,18 +1,23 @@ @@ -8043,7 +8043,7 @@ index 5ec0e13c8..97c204fe5 100644 +/var/www/apcupsd/upsstats\.cgi -- gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0) +/var/www/cgi-bin/apcgui(/.*)? gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0) diff --git a/apcupsd.if b/apcupsd.if -index f3c0abac6..f6e25eda4 100644 +index f3c0abac62..f6e25eda4c 100644 --- a/apcupsd.if +++ b/apcupsd.if @@ -102,7 +102,7 @@ interface(`apcupsd_append_log',` @@ -8151,7 +8151,7 @@ index f3c0abac6..f6e25eda4 100644 + files_etc_filetrans(apcupsd_t, apcupsd_power_t, file, "powerfail") ') diff --git a/apcupsd.te b/apcupsd.te -index 080bc4ddb..b295381b8 100644 +index 080bc4ddba..b295381b86 100644 --- a/apcupsd.te +++ b/apcupsd.te @@ -24,12 +24,18 @@ files_tmp_file(apcupsd_tmp_t) @@ -8290,7 +8290,7 @@ index 080bc4ddb..b295381b8 100644 + sysnet_dns_name_resolve(apcupsd_cgi_script_t) ') diff --git a/apm.fc b/apm.fc -index ce27d2fb3..b2ba16a04 100644 +index ce27d2fb33..b2ba16a046 100644 --- a/apm.fc +++ b/apm.fc @@ -1,3 +1,4 @@ @@ -8308,7 +8308,7 @@ index ce27d2fb3..b2ba16a04 100644 /var/log/acpid.* -- gen_context(system_u:object_r:apmd_log_t,s0) diff --git a/apm.if b/apm.if -index 1a7a97e5c..2c7252a39 100644 +index 1a7a97e5c3..2c7252a391 100644 --- a/apm.if +++ b/apm.if @@ -139,6 +139,30 @@ interface(`apm_stream_connect',` @@ -8358,7 +8358,7 @@ index 1a7a97e5c..2c7252a39 100644 domain_system_change_exemption($1) role_transition $2 apmd_initrc_exec_t system_r; diff --git a/apm.te b/apm.te -index 7fd431bcd..f944eccf1 100644 +index 7fd431bcd7..f944eccf15 100644 --- a/apm.te +++ b/apm.te @@ -35,12 +35,15 @@ files_type(apmd_var_lib_t) @@ -8474,7 +8474,7 @@ index 7fd431bcd..f944eccf1 100644 optional_policy(` diff --git a/apt.if b/apt.if -index cde81d248..2fe02018a 100644 +index cde81d2486..2fe02018af 100644 --- a/apt.if +++ b/apt.if @@ -171,7 +171,7 @@ interface(`apt_read_cache',` @@ -8487,7 +8487,7 @@ index cde81d248..2fe02018a 100644 ') diff --git a/apt.te b/apt.te -index efa853059..ae5d0c9f2 100644 +index efa853059d..ae5d0c9f2a 100644 --- a/apt.te +++ b/apt.te @@ -39,7 +39,7 @@ logging_log_file(apt_var_log_t) @@ -8538,7 +8538,7 @@ index efa853059..ae5d0c9f2 100644 optional_policy(` backup_manage_store_files(apt_t) diff --git a/arpwatch.fc b/arpwatch.fc -index 9ca0d0fb8..9a1a61f82 100644 +index 9ca0d0fb8c..9a1a61f82f 100644 --- a/arpwatch.fc +++ b/arpwatch.fc @@ -1,5 +1,7 @@ @@ -8550,7 +8550,7 @@ index 9ca0d0fb8..9a1a61f82 100644 /var/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0) diff --git a/arpwatch.if b/arpwatch.if -index 50c9b9c87..533a555a2 100644 +index 50c9b9c87e..533a555a2a 100644 --- a/arpwatch.if +++ b/arpwatch.if @@ -117,6 +117,30 @@ interface(`arpwatch_dontaudit_rw_packet_sockets',` @@ -8612,7 +8612,7 @@ index 50c9b9c87..533a555a2 100644 + allow $1 arpwatch_unit_file_t:service all_service_perms; ') diff --git a/arpwatch.te b/arpwatch.te -index 2d7bf345b..04d3ea1c8 100644 +index 2d7bf345b0..04d3ea1c85 100644 --- a/arpwatch.te +++ b/arpwatch.te @@ -21,6 +21,9 @@ files_tmp_file(arpwatch_tmp_t) @@ -8683,7 +8683,7 @@ index 2d7bf345b..04d3ea1c8 100644 userdom_dontaudit_use_unpriv_user_fds(arpwatch_t) diff --git a/asterisk.if b/asterisk.if -index 2077053ea..198a02ab4 100644 +index 2077053eac..198a02ab43 100644 --- a/asterisk.if +++ b/asterisk.if @@ -124,9 +124,13 @@ interface(`asterisk_admin',` @@ -8702,7 +8702,7 @@ index 2077053ea..198a02ab4 100644 domain_system_change_exemption($1) role_transition $2 asterisk_initrc_exec_t system_r; diff --git a/asterisk.te b/asterisk.te -index 7e4135022..1e0f4c49b 100644 +index 7e41350229..1e0f4c49bc 100644 --- a/asterisk.te +++ b/asterisk.te @@ -19,7 +19,7 @@ type asterisk_log_t; @@ -8772,7 +8772,7 @@ index 7e4135022..1e0f4c49b 100644 diff --git a/authconfig.fc b/authconfig.fc new file mode 100644 -index 000000000..4579cfe17 +index 0000000000..4579cfe178 --- /dev/null +++ b/authconfig.fc @@ -0,0 +1,3 @@ @@ -8781,7 +8781,7 @@ index 000000000..4579cfe17 +/var/lib/authconfig(/.*)? gen_context(system_u:object_r:authconfig_var_lib_t,s0) diff --git a/authconfig.if b/authconfig.if new file mode 100644 -index 000000000..316c324f2 +index 0000000000..316c324f21 --- /dev/null +++ b/authconfig.if @@ -0,0 +1,127 @@ @@ -8914,7 +8914,7 @@ index 000000000..316c324f2 +') diff --git a/authconfig.te b/authconfig.te new file mode 100644 -index 000000000..dca8e7905 +index 0000000000..dca8e7905b --- /dev/null +++ b/authconfig.te @@ -0,0 +1,37 @@ @@ -8956,7 +8956,7 @@ index 000000000..dca8e7905 + policykit_dbus_chat(authconfig_t) +') diff --git a/automount.fc b/automount.fc -index 92adb37e1..0a2ffc62d 100644 +index 92adb37e15..0a2ffc62dd 100644 --- a/automount.fc +++ b/automount.fc @@ -1,6 +1,8 @@ @@ -8969,7 +8969,7 @@ index 92adb37e1..0a2ffc62d 100644 /var/lock/subsys/autofs -- gen_context(system_u:object_r:automount_lock_t,s0) diff --git a/automount.if b/automount.if -index f24e36960..4484a98da 100644 +index f24e369606..4484a98da2 100644 --- a/automount.if +++ b/automount.if @@ -29,7 +29,6 @@ interface(`automount_domtrans',` @@ -9066,7 +9066,7 @@ index f24e36960..4484a98da 100644 + allow $1 automount_unit_file_t:service all_service_perms; ') diff --git a/automount.te b/automount.te -index 27d2f400b..f74f75f1b 100644 +index 27d2f400b9..f74f75f1b6 100644 --- a/automount.te +++ b/automount.te @@ -22,6 +22,9 @@ type automount_tmp_t; @@ -9154,7 +9154,7 @@ index 27d2f400b..f74f75f1b 100644 +') + diff --git a/avahi.fc b/avahi.fc -index e9fe2cac1..4c2d0769e 100644 +index e9fe2cac15..4c2d0769ef 100644 --- a/avahi.fc +++ b/avahi.fc @@ -1,5 +1,7 @@ @@ -9166,7 +9166,7 @@ index e9fe2cac1..4c2d0769e 100644 /usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0) /usr/sbin/avahi-autoipd -- gen_context(system_u:object_r:avahi_exec_t,s0) diff --git a/avahi.if b/avahi.if -index 9078c3d85..2f6b2503e 100644 +index 9078c3d852..2f6b2503e6 100644 --- a/avahi.if +++ b/avahi.if @@ -209,6 +209,30 @@ interface(`avahi_dontaudit_search_pid',` @@ -9229,7 +9229,7 @@ index 9078c3d85..2f6b2503e 100644 + allow $1 avahi_unit_file_t:service all_service_perms; ') diff --git a/avahi.te b/avahi.te -index b8355b32f..51ce1b60f 100644 +index b8355b32f6..51ce1b60fd 100644 --- a/avahi.te +++ b/avahi.te @@ -13,17 +13,21 @@ type avahi_initrc_exec_t; @@ -9292,7 +9292,7 @@ index b8355b32f..51ce1b60f 100644 userdom_dontaudit_search_user_home_dirs(avahi_t) diff --git a/awstats.fc b/awstats.fc -index 11e6d5ffe..73b4ea47c 100644 +index 11e6d5ffe0..73b4ea47c8 100644 --- a/awstats.fc +++ b/awstats.fc @@ -1,5 +1,5 @@ @@ -9304,7 +9304,7 @@ index 11e6d5ffe..73b4ea47c 100644 /var/lib/awstats(/.*)? gen_context(system_u:object_r:awstats_var_lib_t,s0) diff --git a/awstats.te b/awstats.te -index c1b16c392..ffbf2cb8f 100644 +index c1b16c3929..ffbf2cb8fe 100644 --- a/awstats.te +++ b/awstats.te @@ -26,6 +26,7 @@ type awstats_var_lib_t; @@ -9364,7 +9364,7 @@ index c1b16c392..ffbf2cb8f 100644 +read_files_pattern(awstats_script_t, awstats_var_lib_t, awstats_var_lib_t) +files_search_var_lib(awstats_script_t) diff --git a/backup.te b/backup.te -index 7811450b6..e78703340 100644 +index 7811450b6b..e787033406 100644 --- a/backup.te +++ b/backup.te @@ -21,7 +21,7 @@ files_type(backup_store_t) @@ -9394,7 +9394,7 @@ index 7811450b6..e78703340 100644 optional_policy(` cron_system_entry(backup_t, backup_exec_t) diff --git a/bacula.fc b/bacula.fc -index 27ec3d519..65aa71bf6 100644 +index 27ec3d5193..65aa71bf63 100644 --- a/bacula.fc +++ b/bacula.fc @@ -8,6 +8,8 @@ @@ -9407,7 +9407,7 @@ index 27ec3d519..65aa71bf6 100644 /var/log/bacula.* gen_context(system_u:object_r:bacula_log_t,s0) diff --git a/bacula.if b/bacula.if -index dcd774ee4..c240ffaf6 100644 +index dcd774ee4a..c240ffaf69 100644 --- a/bacula.if +++ b/bacula.if @@ -69,6 +69,7 @@ interface(`bacula_admin',` @@ -9419,7 +9419,7 @@ index dcd774ee4..c240ffaf6 100644 allow $1 bacula_t:process { ptrace signal_perms }; diff --git a/bacula.te b/bacula.te -index f16b00008..1a7c80f01 100644 +index f16b000086..1a7c80f01e 100644 --- a/bacula.te +++ b/bacula.te @@ -27,6 +27,9 @@ type bacula_store_t; @@ -9557,7 +9557,7 @@ index f16b00008..1a7c80f01 100644 + ') +') diff --git a/bcfg2.fc b/bcfg2.fc -index fb42e352b..8af0e14ce 100644 +index fb42e352b3..8af0e14ced 100644 --- a/bcfg2.fc +++ b/bcfg2.fc @@ -1,5 +1,7 @@ @@ -9569,7 +9569,7 @@ index fb42e352b..8af0e14ce 100644 /var/lib/bcfg2(/.*)? gen_context(system_u:object_r:bcfg2_var_lib_t,s0) diff --git a/bcfg2.if b/bcfg2.if -index ec95d361e..186271b74 100644 +index ec95d361ee..186271b74e 100644 --- a/bcfg2.if +++ b/bcfg2.if @@ -115,6 +115,32 @@ interface(`bcfg2_manage_lib_dirs',` @@ -9638,7 +9638,7 @@ index ec95d361e..186271b74 100644 + ') ') diff --git a/bcfg2.te b/bcfg2.te -index c3fd7b148..e18959384 100644 +index c3fd7b1483..e18959384d 100644 --- a/bcfg2.te +++ b/bcfg2.te @@ -15,6 +15,9 @@ init_script_file(bcfg2_initrc_exec_t) @@ -9663,7 +9663,7 @@ index c3fd7b148..e18959384 100644 - -miscfiles_read_localization(bcfg2_t) diff --git a/bind.fc b/bind.fc -index 2b9a3a10d..982ce9b71 100644 +index 2b9a3a10d4..982ce9b718 100644 --- a/bind.fc +++ b/bind.fc @@ -1,54 +1,78 @@ @@ -9788,7 +9788,7 @@ index 2b9a3a10d..982ce9b71 100644 +/var/named/dynamic(/.*)? gen_context(system_u:object_r:named_cache_t,s0) +') diff --git a/bind.if b/bind.if -index 531a8f244..3fcf18722 100644 +index 531a8f244e..3fcf187225 100644 --- a/bind.if +++ b/bind.if @@ -18,6 +18,30 @@ interface(`bind_initrc_domtrans',` @@ -9969,7 +9969,7 @@ index 531a8f244..3fcf18722 100644 + allow $1 named_unit_file_t:service all_service_perms; ') diff --git a/bind.te b/bind.te -index 124112346..710af00bc 100644 +index 124112346e..710af00bc7 100644 --- a/bind.te +++ b/bind.te @@ -34,7 +34,7 @@ type named_checkconf_exec_t; @@ -10149,7 +10149,7 @@ index 124112346..710af00bc 100644 userdom_use_user_terminals(ndc_t) diff --git a/bird.te b/bird.te -index 1d60c2730..f8bb70055 100644 +index 1d60c27304..f8bb70055b 100644 --- a/bird.te +++ b/bird.te @@ -51,7 +51,6 @@ corenet_tcp_connect_bgp_port(bird_t) @@ -10161,7 +10161,7 @@ index 1d60c2730..f8bb70055 100644 logging_send_syslog_msg(bird_t) diff --git a/bitlbee.fc b/bitlbee.fc -index e9708d6cc..61362d088 100644 +index e9708d6cc5..61362d0887 100644 --- a/bitlbee.fc +++ b/bitlbee.fc @@ -7,7 +7,7 @@ @@ -10174,7 +10174,7 @@ index e9708d6cc..61362d088 100644 /var/run/bitlbee\.pid -- gen_context(system_u:object_r:bitlbee_var_run_t,s0) /var/run/bitlbee\.sock -s gen_context(system_u:object_r:bitlbee_var_run_t,s0) diff --git a/bitlbee.if b/bitlbee.if -index e73fb799e..2badfc0d9 100644 +index e73fb799e8..2badfc0d9b 100644 --- a/bitlbee.if +++ b/bitlbee.if @@ -44,9 +44,13 @@ interface(`bitlbee_admin',` @@ -10193,7 +10193,7 @@ index e73fb799e..2badfc0d9 100644 domain_system_change_exemption($1) role_transition $2 bitlbee_initrc_exec_t system_r; diff --git a/bitlbee.te b/bitlbee.te -index f5c1a48b6..102fa8eae 100644 +index f5c1a48b60..102fa8eae2 100644 --- a/bitlbee.te +++ b/bitlbee.te @@ -33,11 +33,14 @@ files_pid_file(bitlbee_var_run_t) @@ -10275,7 +10275,7 @@ index f5c1a48b6..102fa8eae 100644 + diff --git a/blkmapd.fc b/blkmapd.fc new file mode 100644 -index 000000000..5e59fb414 +index 0000000000..5e59fb4148 --- /dev/null +++ b/blkmapd.fc @@ -0,0 +1,6 @@ @@ -10287,7 +10287,7 @@ index 000000000..5e59fb414 +/var/run/blkmapd\.pid -- gen_context(system_u:object_r:blkmapd_var_run_t,s0) diff --git a/blkmapd.if b/blkmapd.if new file mode 100644 -index 000000000..76663796f +index 0000000000..76663796f7 --- /dev/null +++ b/blkmapd.if @@ -0,0 +1,121 @@ @@ -10414,7 +10414,7 @@ index 000000000..76663796f +') diff --git a/blkmapd.te b/blkmapd.te new file mode 100644 -index 000000000..6cfb35592 +index 0000000000..6cfb35592d --- /dev/null +++ b/blkmapd.te @@ -0,0 +1,44 @@ @@ -10463,7 +10463,7 @@ index 000000000..6cfb35592 + rpc_read_nfs_state_data(blkmapd_t) +') diff --git a/blueman.fc b/blueman.fc -index c295d2e01..4f84e9c14 100644 +index c295d2e018..4f84e9c141 100644 --- a/blueman.fc +++ b/blueman.fc @@ -1,3 +1,4 @@ @@ -10472,7 +10472,7 @@ index c295d2e01..4f84e9c14 100644 /var/lib/blueman(/.*)? gen_context(system_u:object_r:blueman_var_lib_t,s0) diff --git a/blueman.if b/blueman.if -index 16ec52526..1dd40595c 100644 +index 16ec52526a..1dd40595cf 100644 --- a/blueman.if +++ b/blueman.if @@ -38,6 +38,7 @@ interface(`blueman_dbus_chat',` @@ -10484,7 +10484,7 @@ index 16ec52526..1dd40595c 100644 ######################################## diff --git a/blueman.te b/blueman.te -index 3a5032e06..7987a21b1 100644 +index 3a5032e06d..7987a21b1b 100644 --- a/blueman.te +++ b/blueman.te @@ -7,7 +7,7 @@ policy_module(blueman, 1.1.0) @@ -10565,7 +10565,7 @@ index 3a5032e06..7987a21b1 100644 + xserver_read_state_xdm(blueman_t) +') diff --git a/bluetooth.fc b/bluetooth.fc -index 2b9c7f329..0086b95d1 100644 +index 2b9c7f3296..0086b95d12 100644 --- a/bluetooth.fc +++ b/bluetooth.fc @@ -5,10 +5,14 @@ @@ -10584,7 +10584,7 @@ index 2b9c7f329..0086b95d1 100644 /usr/sbin/bluetoothd -- gen_context(system_u:object_r:bluetooth_exec_t,s0) /usr/sbin/hciattach -- gen_context(system_u:object_r:bluetooth_exec_t,s0) diff --git a/bluetooth.if b/bluetooth.if -index c723a0ae0..d3611b658 100644 +index c723a0ae05..d3611b6589 100644 --- a/bluetooth.if +++ b/bluetooth.if @@ -37,7 +37,12 @@ interface(`bluetooth_role',` @@ -10716,7 +10716,7 @@ index c723a0ae0..d3611b658 100644 + allow $1 bluetooth_unit_file_t:service all_service_perms; ') diff --git a/bluetooth.te b/bluetooth.te -index 851769e55..903bc0f9e 100644 +index 851769e555..903bc0f9eb 100644 --- a/bluetooth.te +++ b/bluetooth.te @@ -10,6 +10,7 @@ attribute_role bluetooth_helper_roles; @@ -10838,7 +10838,7 @@ index 851769e55..903bc0f9e 100644 term_dontaudit_use_all_ttys(bluetooth_helper_t) diff --git a/boinc.fc b/boinc.fc -index 6d3ccad60..bda740a71 100644 +index 6d3ccad60d..bda740a711 100644 --- a/boinc.fc +++ b/boinc.fc @@ -1,9 +1,12 @@ @@ -10861,7 +10861,7 @@ index 6d3ccad60..bda740a71 100644 + +/var/log/boinc\.log.* -- gen_context(system_u:object_r:boinc_log_t,s0) diff --git a/boinc.if b/boinc.if -index 02fefaaf7..308616e8d 100644 +index 02fefaaf76..308616e8dd 100644 --- a/boinc.if +++ b/boinc.if @@ -1,9 +1,166 @@ @@ -11081,7 +11081,7 @@ index 02fefaaf7..308616e8d 100644 + ') ') diff --git a/boinc.te b/boinc.te -index 687d4c48d..8ba0f8bdb 100644 +index 687d4c48df..8ba0f8bdbd 100644 --- a/boinc.te +++ b/boinc.te @@ -12,7 +12,9 @@ policy_module(boinc, 1.1.1) @@ -11367,7 +11367,7 @@ index 687d4c48d..8ba0f8bdb 100644 +') diff --git a/boltd.fc b/boltd.fc new file mode 100644 -index 000000000..e0bdf7663 +index 0000000000..e0bdf7663f --- /dev/null +++ b/boltd.fc @@ -0,0 +1,5 @@ @@ -11378,7 +11378,7 @@ index 000000000..e0bdf7663 +/var/run/boltd(/.*)? gen_context(system_u:object_r:boltd_var_run_t,s0) diff --git a/boltd.if b/boltd.if new file mode 100644 -index 000000000..cdec3f10d +index 0000000000..cdec3f10d9 --- /dev/null +++ b/boltd.if @@ -0,0 +1,213 @@ @@ -11597,7 +11597,7 @@ index 000000000..cdec3f10d +') diff --git a/boltd.te b/boltd.te new file mode 100644 -index 000000000..6106dddde +index 0000000000..6106dddde7 --- /dev/null +++ b/boltd.te @@ -0,0 +1,74 @@ @@ -11676,7 +11676,7 @@ index 000000000..6106dddde + unconfined_dbus_send(boltd_t) +') diff --git a/brctl.te b/brctl.te -index c5a91138c..1919abdd8 100644 +index c5a91138c9..1919abdd88 100644 --- a/brctl.te +++ b/brctl.te @@ -24,6 +24,7 @@ allow brctl_t self:unix_dgram_socket create_socket_perms; @@ -11702,7 +11702,7 @@ index c5a91138c..1919abdd8 100644 xen_dontaudit_rw_unix_stream_sockets(brctl_t) diff --git a/brltty.fc b/brltty.fc new file mode 100644 -index 000000000..05e352897 +index 0000000000..05e3528979 --- /dev/null +++ b/brltty.fc @@ -0,0 +1,10 @@ @@ -11718,7 +11718,7 @@ index 000000000..05e352897 + diff --git a/brltty.if b/brltty.if new file mode 100644 -index 000000000..968c957ab +index 0000000000..968c957aba --- /dev/null +++ b/brltty.if @@ -0,0 +1,80 @@ @@ -11804,7 +11804,7 @@ index 000000000..968c957ab +') diff --git a/brltty.te b/brltty.te new file mode 100644 -index 000000000..a4265adc9 +index 0000000000..a4265adc94 --- /dev/null +++ b/brltty.te @@ -0,0 +1,72 @@ @@ -11881,7 +11881,7 @@ index 000000000..a4265adc9 + +term_use_unallocated_ttys(brltty_t) diff --git a/bugzilla.fc b/bugzilla.fc -index fce0b6ebf..9efceac4e 100644 +index fce0b6ebff..9efceac4ec 100644 --- a/bugzilla.fc +++ b/bugzilla.fc @@ -1,4 +1,4 @@ @@ -11893,7 +11893,7 @@ index fce0b6ebf..9efceac4e 100644 -/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0) +/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:bugzilla_rw_content_t,s0) diff --git a/bugzilla.if b/bugzilla.if -index 1b22262d5..d9ea246a1 100644 +index 1b22262d51..d9ea246a17 100644 --- a/bugzilla.if +++ b/bugzilla.if @@ -12,10 +12,10 @@ @@ -11980,7 +11980,7 @@ index 1b22262d5..d9ea246a1 100644 + ') ') diff --git a/bugzilla.te b/bugzilla.te -index 18623e39e..c62f617e1 100644 +index 18623e39ea..c62f617e15 100644 --- a/bugzilla.te +++ b/bugzilla.te @@ -6,42 +6,55 @@ policy_module(bugzilla, 1.1.0) @@ -12060,7 +12060,7 @@ index 18623e39e..c62f617e1 100644 ') diff --git a/bumblebee.fc b/bumblebee.fc new file mode 100644 -index 000000000..b5ee23be7 +index 0000000000..b5ee23be76 --- /dev/null +++ b/bumblebee.fc @@ -0,0 +1,7 @@ @@ -12073,7 +12073,7 @@ index 000000000..b5ee23be7 +/var/run/bumblebee.* gen_context(system_u:object_r:bumblebee_var_run_t,s0) diff --git a/bumblebee.if b/bumblebee.if new file mode 100644 -index 000000000..2d2e60c19 +index 0000000000..2d2e60c199 --- /dev/null +++ b/bumblebee.if @@ -0,0 +1,122 @@ @@ -12201,7 +12201,7 @@ index 000000000..2d2e60c19 +') diff --git a/bumblebee.te b/bumblebee.te new file mode 100644 -index 000000000..acaf51906 +index 0000000000..acaf51906e --- /dev/null +++ b/bumblebee.te @@ -0,0 +1,62 @@ @@ -12268,7 +12268,7 @@ index 000000000..acaf51906 + apm_stream_connect(bumblebee_t) +') diff --git a/cachefilesd.fc b/cachefilesd.fc -index 648c7902b..aa03fc8ae 100644 +index 648c7902bb..aa03fc8ae5 100644 --- a/cachefilesd.fc +++ b/cachefilesd.fc @@ -1,9 +1,34 @@ @@ -12310,7 +12310,7 @@ index 648c7902b..aa03fc8ae 100644 -/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefilesd_var_run_t,s0) +/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefilesd_var_run_t,s0) diff --git a/cachefilesd.if b/cachefilesd.if -index 8de2ab9c5..3b419455f 100644 +index 8de2ab9c52..3b419455f8 100644 --- a/cachefilesd.if +++ b/cachefilesd.if @@ -1,39 +1,35 @@ @@ -12376,7 +12376,7 @@ index 8de2ab9c5..3b419455f 100644 + domtrans_pattern($1, cachefilesd_exec_t, cachefilesd_t) ') diff --git a/cachefilesd.te b/cachefilesd.te -index a3760bc92..22ed920b7 100644 +index a3760bc924..22ed920b74 100644 --- a/cachefilesd.te +++ b/cachefilesd.te @@ -1,52 +1,125 @@ @@ -12528,7 +12528,7 @@ index a3760bc92..22ed920b7 100644 + +init_sigchld_script(cachefiles_kernel_t) diff --git a/calamaris.if b/calamaris.if -index cd9c52871..ba793b748 100644 +index cd9c52871a..ba793b748a 100644 --- a/calamaris.if +++ b/calamaris.if @@ -42,7 +42,7 @@ interface(`calamaris_run',` @@ -12541,7 +12541,7 @@ index cd9c52871..ba793b748 100644 ') diff --git a/calamaris.te b/calamaris.te -index 7e574604b..8d8cd78e5 100644 +index 7e574604be..8d8cd78e54 100644 --- a/calamaris.te +++ b/calamaris.te @@ -23,7 +23,7 @@ files_type(calamaris_www_t) @@ -12583,7 +12583,7 @@ index 7e574604b..8d8cd78e5 100644 optional_policy(` diff --git a/callweaver.te b/callweaver.te -index 0e5be4cdf..b9a407f90 100644 +index 0e5be4cdfc..b9a407f900 100644 --- a/callweaver.te +++ b/callweaver.te @@ -84,4 +84,3 @@ term_use_ptmx(callweaver_t) @@ -12592,7 +12592,7 @@ index 0e5be4cdf..b9a407f90 100644 -miscfiles_read_localization(callweaver_t) diff --git a/canna.if b/canna.if -index 400db07a2..f416e22a7 100644 +index 400db07a26..f416e22a7a 100644 --- a/canna.if +++ b/canna.if @@ -43,9 +43,13 @@ interface(`canna_admin',` @@ -12611,7 +12611,7 @@ index 400db07a2..f416e22a7 100644 domain_system_change_exemption($1) role_transition $2 canna_initrc_exec_t system_r; diff --git a/canna.te b/canna.te -index 9fe61621f..5c505e7de 100644 +index 9fe61621f0..5c505e7ded 100644 --- a/canna.te +++ b/canna.te @@ -52,7 +52,6 @@ files_pid_filetrans(canna_t, canna_var_run_t, { dir sock_file }) @@ -12641,7 +12641,7 @@ index 9fe61621f..5c505e7de 100644 sysnet_read_config(canna_t) diff --git a/ccs.if b/ccs.if -index 5ded72d37..cb94e5ea7 100644 +index 5ded72d378..cb94e5ea7c 100644 --- a/ccs.if +++ b/ccs.if @@ -98,20 +98,24 @@ interface(`ccs_manage_config',` @@ -12673,7 +12673,7 @@ index 5ded72d37..cb94e5ea7 100644 files_search_var_lib($1) admin_pattern($1, ccs_var_lib_t) diff --git a/ccs.te b/ccs.te -index 658134d8a..58deeceaa 100644 +index 658134d8ad..58deeceaab 100644 --- a/ccs.te +++ b/ccs.te @@ -37,7 +37,7 @@ files_pid_file(ccs_var_run_t) @@ -12721,7 +12721,7 @@ index 658134d8a..58deeceaa 100644 optional_policy(` diff --git a/cdrecord.if b/cdrecord.if -index fbc20f694..4de4a005c 100644 +index fbc20f6945..4de4a005cc 100644 --- a/cdrecord.if +++ b/cdrecord.if @@ -27,6 +27,9 @@ interface(`cdrecord_role',` @@ -12736,7 +12736,7 @@ index fbc20f694..4de4a005c 100644 ps_process_pattern($2, cdrecord_t) ') diff --git a/cdrecord.te b/cdrecord.te -index 16883c9c3..97e9a429e 100644 +index 16883c9c30..97e9a429eb 100644 --- a/cdrecord.te +++ b/cdrecord.te @@ -29,7 +29,7 @@ role cdrecord_roles types cdrecord_t; @@ -12783,7 +12783,7 @@ index 16883c9c3..97e9a429e 100644 optional_policy(` resmgr_stream_connect(cdrecord_t) diff --git a/certmaster.if b/certmaster.if -index 0c53b189b..ef29f6e6c 100644 +index 0c53b189bd..ef29f6e6c3 100644 --- a/certmaster.if +++ b/certmaster.if @@ -117,13 +117,16 @@ interface(`certmaster_manage_log',` @@ -12807,7 +12807,7 @@ index 0c53b189b..ef29f6e6c 100644 domain_system_change_exemption($1) role_transition $2 certmaster_initrc_exec_t system_r; diff --git a/certmaster.te b/certmaster.te -index 4a878730b..113f3b32f 100644 +index 4a878730b6..113f3b32fd 100644 --- a/certmaster.te +++ b/certmaster.te @@ -65,11 +65,10 @@ corenet_tcp_sendrecv_certmaster_port(certmaster_t) @@ -12825,7 +12825,7 @@ index 4a878730b..113f3b32f 100644 + +mta_send_mail(certmaster_t) diff --git a/certmonger.fc b/certmonger.fc -index ed298d8b6..c88764838 100644 +index ed298d8b66..c887648384 100644 --- a/certmonger.fc +++ b/certmonger.fc @@ -1,7 +1,12 @@ @@ -12842,7 +12842,7 @@ index ed298d8b6..c88764838 100644 /var/run/certmonger.* gen_context(system_u:object_r:certmonger_var_run_t,s0) diff --git a/certmonger.if b/certmonger.if -index 008f8ef26..144c0740a 100644 +index 008f8ef262..144c0740a6 100644 --- a/certmonger.if +++ b/certmonger.if @@ -160,16 +160,20 @@ interface(`certmonger_admin',` @@ -12870,7 +12870,7 @@ index 008f8ef26..144c0740a 100644 admin_pattern($1, certmonger_var_run_t) ') diff --git a/certmonger.te b/certmonger.te -index 550b287ce..d350a8732 100644 +index 550b287cec..d350a87329 100644 --- a/certmonger.te +++ b/certmonger.te @@ -18,18 +18,26 @@ files_type(certmonger_var_lib_t) @@ -13052,7 +13052,7 @@ index 550b287ce..d350a8732 100644 + ') +') diff --git a/certwatch.te b/certwatch.te -index 171fafb99..69d01f6fa 100644 +index 171fafb990..69d01f6fa0 100644 --- a/certwatch.te +++ b/certwatch.te @@ -18,34 +18,47 @@ role certwatch_roles types certwatch_t; @@ -13110,7 +13110,7 @@ index 171fafb99..69d01f6fa 100644 cron_system_entry(certwatch_t, certwatch_exec_t) ') diff --git a/cfengine.if b/cfengine.if -index a7311229f..5279d4e3a 100644 +index a7311229f7..5279d4e3a5 100644 --- a/cfengine.if +++ b/cfengine.if @@ -13,7 +13,6 @@ @@ -13210,7 +13210,7 @@ index a7311229f..5279d4e3a 100644 ') + diff --git a/cfengine.te b/cfengine.te -index fbe3ad955..21ab8e176 100644 +index fbe3ad9555..21ab8e1767 100644 --- a/cfengine.te +++ b/cfengine.te @@ -41,18 +41,13 @@ create_files_pattern(cfengine_domain, cfengine_log_t, cfengine_log_t) @@ -13244,7 +13244,7 @@ index fbe3ad955..21ab8e176 100644 domain_read_all_domains_state(cfengine_monitord_t) diff --git a/cgdcbxd.fc b/cgdcbxd.fc new file mode 100644 -index 000000000..756703813 +index 0000000000..756703813d --- /dev/null +++ b/cgdcbxd.fc @@ -0,0 +1,5 @@ @@ -13255,7 +13255,7 @@ index 000000000..756703813 +/var/run/cgdcbxd\.pid -- gen_context(system_u:object_r:cgdcbxd_var_run_t,s0) diff --git a/cgdcbxd.if b/cgdcbxd.if new file mode 100644 -index 000000000..1efacf1d1 +index 0000000000..1efacf1d17 --- /dev/null +++ b/cgdcbxd.if @@ -0,0 +1,99 @@ @@ -13360,7 +13360,7 @@ index 000000000..1efacf1d1 +') diff --git a/cgdcbxd.te b/cgdcbxd.te new file mode 100644 -index 000000000..32640a7b0 +index 0000000000..32640a7b08 --- /dev/null +++ b/cgdcbxd.te @@ -0,0 +1,40 @@ @@ -13405,7 +13405,7 @@ index 000000000..32640a7b0 + +domain_dontaudit_read_all_domains_state(cgdcbxd_t) diff --git a/cgroup.if b/cgroup.if -index 85ca63f9a..1d1c99c8f 100644 +index 85ca63f9a7..1d1c99c8fc 100644 --- a/cgroup.if +++ b/cgroup.if @@ -171,8 +171,26 @@ interface(`cgroup_admin',` @@ -13438,7 +13438,7 @@ index 85ca63f9a..1d1c99c8f 100644 admin_pattern($1, { cgconfig_etc_t cgrules_etc_t }) files_list_etc($1) diff --git a/cgroup.te b/cgroup.te -index 80a88a27a..514eb47f2 100644 +index 80a88a27a8..514eb47f24 100644 --- a/cgroup.te +++ b/cgroup.te @@ -25,8 +25,8 @@ files_pid_file(cgred_var_run_t) @@ -13522,7 +13522,7 @@ index 80a88a27a..514eb47f2 100644 +logging_send_syslog_msg(cgred_t) diff --git a/chrome.fc b/chrome.fc new file mode 100644 -index 000000000..5c6bdb68d +index 0000000000..5c6bdb68dd --- /dev/null +++ b/chrome.fc @@ -0,0 +1,11 @@ @@ -13539,7 +13539,7 @@ index 000000000..5c6bdb68d +HOME_DIR/\.cache/chromium(/.*)? gen_context(system_u:object_r:chrome_sandbox_home_t,s0) diff --git a/chrome.if b/chrome.if new file mode 100644 -index 000000000..aa308eba6 +index 0000000000..aa308eba61 --- /dev/null +++ b/chrome.if @@ -0,0 +1,137 @@ @@ -13682,7 +13682,7 @@ index 000000000..aa308eba6 +') diff --git a/chrome.te b/chrome.te new file mode 100644 -index 000000000..5dce7aba4 +index 0000000000..5dce7aba49 --- /dev/null +++ b/chrome.te @@ -0,0 +1,257 @@ @@ -13944,7 +13944,7 @@ index 000000000..5dce7aba4 + gnome_dontaudit_write_config_files(chrome_sandbox_nacl_t) +') diff --git a/chronyd.fc b/chronyd.fc -index 4e4143ed8..940434abe 100644 +index 4e4143ed8f..940434abe7 100644 --- a/chronyd.fc +++ b/chronyd.fc @@ -1,13 +1,20 @@ @@ -13971,7 +13971,7 @@ index 4e4143ed8..940434abe 100644 /var/run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0) /var/run/chronyd\.sock -s gen_context(system_u:object_r:chronyd_var_run_t,s0) diff --git a/chronyd.if b/chronyd.if -index 32e8265c2..ffebaf512 100644 +index 32e8265c2e..ffebaf512b 100644 --- a/chronyd.if +++ b/chronyd.if @@ -57,6 +57,24 @@ interface(`chronyd_exec',` @@ -14209,7 +14209,7 @@ index 32e8265c2..ffebaf512 100644 + roleattribute $2 chronyc_roles; ') diff --git a/chronyd.te b/chronyd.te -index e5b621c29..1870a5c3d 100644 +index e5b621c29c..1870a5c3da 100644 --- a/chronyd.te +++ b/chronyd.te @@ -5,6 +5,9 @@ policy_module(chronyd, 1.2.0) @@ -14378,7 +14378,7 @@ index e5b621c29..1870a5c3d 100644 ') diff --git a/cinder.fc b/cinder.fc new file mode 100644 -index 000000000..4b318b783 +index 0000000000..4b318b783e --- /dev/null +++ b/cinder.fc @@ -0,0 +1,16 @@ @@ -14400,7 +14400,7 @@ index 000000000..4b318b783 +/var/run/cinder(/.*)? gen_context(system_u:object_r:cinder_var_run_t,s0) diff --git a/cinder.if b/cinder.if new file mode 100644 -index 000000000..fc9cae7c7 +index 0000000000..fc9cae7c76 --- /dev/null +++ b/cinder.if @@ -0,0 +1,57 @@ @@ -14463,7 +14463,7 @@ index 000000000..fc9cae7c7 +') diff --git a/cinder.te b/cinder.te new file mode 100644 -index 000000000..a05691d8f +index 0000000000..a05691d8fc --- /dev/null +++ b/cinder.te @@ -0,0 +1,171 @@ @@ -14639,7 +14639,7 @@ index 000000000..a05691d8f +') + diff --git a/cipe.te b/cipe.te -index a0aa693d1..af571edbb 100644 +index a0aa693d14..af571edbba 100644 --- a/cipe.te +++ b/cipe.te @@ -29,7 +29,6 @@ kernel_read_system_state(ciped_t) @@ -14668,7 +14668,7 @@ index a0aa693d1..af571edbb 100644 userdom_dontaudit_use_unpriv_user_fds(ciped_t) diff --git a/clamav.fc b/clamav.fc -index d72afcc31..c53b80dcd 100644 +index d72afcc314..c53b80dcd2 100644 --- a/clamav.fc +++ b/clamav.fc @@ -6,6 +6,8 @@ @@ -14681,7 +14681,7 @@ index d72afcc31..c53b80dcd 100644 /usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0) diff --git a/clamav.if b/clamav.if -index 4cc4a5cd0..a6c632290 100644 +index 4cc4a5cd0e..a6c6322903 100644 --- a/clamav.if +++ b/clamav.if @@ -1,4 +1,4 @@ @@ -14931,7 +14931,7 @@ index 4cc4a5cd0..a6c632290 100644 + ') diff --git a/clamav.te b/clamav.te -index ce3836acd..0263671f7 100644 +index ce3836acd0..0263671f79 100644 --- a/clamav.te +++ b/clamav.te @@ -38,6 +38,9 @@ files_config_file(clamd_etc_t) @@ -15094,7 +15094,7 @@ index ce3836acd..0263671f7 100644 apache_read_sys_content(clamscan_t) ') diff --git a/clockspeed.te b/clockspeed.te -index d3e2a67e5..f5b330c08 100644 +index d3e2a67e53..f5b330c087 100644 --- a/clockspeed.te +++ b/clockspeed.te @@ -29,7 +29,6 @@ allow clockspeed_cli_t self:udp_socket create_socket_perms; @@ -15137,7 +15137,7 @@ index d3e2a67e5..f5b330c08 100644 optional_policy(` daemontools_service_domain(clockspeed_srv_t, clockspeed_srv_exec_t) diff --git a/clogd.te b/clogd.te -index 4a5b3d1a5..cd146bd5a 100644 +index 4a5b3d1a59..cd146bd5a3 100644 --- a/clogd.te +++ b/clogd.te @@ -41,9 +41,6 @@ storage_raw_write_fixed_disk(clogd_t) @@ -15153,7 +15153,7 @@ index 4a5b3d1a5..cd146bd5a 100644 ') diff --git a/cloudform.fc b/cloudform.fc new file mode 100644 -index 000000000..3849f134a +index 0000000000..3849f134a5 --- /dev/null +++ b/cloudform.fc @@ -0,0 +1,21 @@ @@ -15180,7 +15180,7 @@ index 000000000..3849f134a +/var/run/iwhd\.pid -- gen_context(system_u:object_r:iwhd_var_run_t,s0) diff --git a/cloudform.if b/cloudform.if new file mode 100644 -index 000000000..55fe0d668 +index 0000000000..55fe0d6686 --- /dev/null +++ b/cloudform.if @@ -0,0 +1,116 @@ @@ -15302,7 +15302,7 @@ index 000000000..55fe0d668 +') diff --git a/cloudform.te b/cloudform.te new file mode 100644 -index 000000000..44e577709 +index 0000000000..44e5777093 --- /dev/null +++ b/cloudform.te @@ -0,0 +1,253 @@ @@ -15560,7 +15560,7 @@ index 000000000..44e577709 +userdom_home_manager(iwhd_t) + diff --git a/cmirrord.if b/cmirrord.if -index cc4e7cb96..f348d2746 100644 +index cc4e7cb969..f348d27465 100644 --- a/cmirrord.if +++ b/cmirrord.if @@ -73,10 +73,11 @@ interface(`cmirrord_rw_shm',` @@ -15592,7 +15592,7 @@ index cc4e7cb96..f348d2746 100644 domain_system_change_exemption($1) role_transition $2 cmirrord_initrc_exec_t system_r; diff --git a/cmirrord.te b/cmirrord.te -index bbdd3960e..28b176182 100644 +index bbdd3960ef..28b1761820 100644 --- a/cmirrord.te +++ b/cmirrord.te @@ -23,13 +23,14 @@ files_pid_file(cmirrord_var_run_t) @@ -15635,7 +15635,7 @@ index bbdd3960e..28b176182 100644 + rhcs_rw_cluster_tmpfs(cmirrord_t) +') diff --git a/cobbler.fc b/cobbler.fc -index 973d208ff..6ce88039f 100644 +index 973d208ff6..6ce88039ff 100644 --- a/cobbler.fc +++ b/cobbler.fc @@ -4,11 +4,15 @@ @@ -15655,7 +15655,7 @@ index 973d208ff..6ce88039f 100644 /var/lib/tftpboot/menu\.c32 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) /var/lib/tftpboot/ppc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) diff --git a/cobbler.if b/cobbler.if -index c223f8132..8b567c191 100644 +index c223f81328..8b567c1911 100644 --- a/cobbler.if +++ b/cobbler.if @@ -38,6 +38,28 @@ interface(`cobblerd_initrc_domtrans',` @@ -15724,7 +15724,7 @@ index c223f8132..8b567c191 100644 - admin_pattern($1, { httpd_cobbler_content_t httpd_cobbler_content_ra_t httpd_cobbler_content_rw_t }) ') diff --git a/cobbler.te b/cobbler.te -index 5f306dd44..b6d1c0f70 100644 +index 5f306dd442..b6d1c0f703 100644 --- a/cobbler.te +++ b/cobbler.te @@ -62,7 +62,7 @@ files_tmp_file(cobbler_tmp_t) @@ -15836,7 +15836,7 @@ index 5f306dd44..b6d1c0f70 100644 ') diff --git a/cockpit.fc b/cockpit.fc new file mode 100644 -index 000000000..bf801737d +index 0000000000..bf801737de --- /dev/null +++ b/cockpit.fc @@ -0,0 +1,13 @@ @@ -15855,7 +15855,7 @@ index 000000000..bf801737d +/var/run/cockpit-ws(/.*)? gen_context(system_u:object_r:cockpit_var_run_t,s0) diff --git a/cockpit.if b/cockpit.if new file mode 100644 -index 000000000..d5920c061 +index 0000000000..d5920c061c --- /dev/null +++ b/cockpit.if @@ -0,0 +1,188 @@ @@ -16049,7 +16049,7 @@ index 000000000..d5920c061 +') diff --git a/cockpit.te b/cockpit.te new file mode 100644 -index 000000000..6b84d6f0f +index 0000000000..6b84d6f0f4 --- /dev/null +++ b/cockpit.te @@ -0,0 +1,123 @@ @@ -16177,7 +16177,7 @@ index 000000000..6b84d6f0f + unconfined_domtrans(cockpit_session_t) +') diff --git a/collectd.fc b/collectd.fc -index 79a3abe3a..bc83ff938 100644 +index 79a3abe3ab..bc83ff9381 100644 --- a/collectd.fc +++ b/collectd.fc @@ -1,9 +1,16 @@ @@ -16199,7 +16199,7 @@ index 79a3abe3a..bc83ff938 100644 -/usr/share/collectd/collection3/bin/.*\.cgi -- gen_context(system_u:object_r:httpd_collectd_script_exec_t,s0) +/usr/share/collectd/collection3/bin/.*\.cgi -- gen_context(system_u:object_r:collectd_script_exec_t,s0) diff --git a/collectd.if b/collectd.if -index 954309e64..c4f158fd0 100644 +index 954309e644..c4f158fd07 100644 --- a/collectd.if +++ b/collectd.if @@ -2,8 +2,165 @@ @@ -16402,7 +16402,7 @@ index 954309e64..c4f158fd0 100644 ') + diff --git a/collectd.te b/collectd.te -index 6471fa8c4..73e2839be 100644 +index 6471fa8c42..73e2839bee 100644 --- a/collectd.te +++ b/collectd.te @@ -20,49 +20,72 @@ init_daemon_domain(collectd_t, collectd_exec_t) @@ -16536,7 +16536,7 @@ index 6471fa8c4..73e2839be 100644 + +auth_read_passwd(collectd_script_t) diff --git a/colord.fc b/colord.fc -index 71639eb54..08ab89171 100644 +index 71639eb543..08ab891711 100644 --- a/colord.fc +++ b/colord.fc @@ -7,5 +7,7 @@ @@ -16548,7 +16548,7 @@ index 71639eb54..08ab89171 100644 /var/lib/color(/.*)? gen_context(system_u:object_r:colord_var_lib_t,s0) /var/lib/colord(/.*)? gen_context(system_u:object_r:colord_var_lib_t,s0) diff --git a/colord.if b/colord.if -index 8e27a37c1..c69be28b9 100644 +index 8e27a37c1b..c69be28b92 100644 --- a/colord.if +++ b/colord.if @@ -1,4 +1,4 @@ @@ -16602,7 +16602,7 @@ index 8e27a37c1..c69be28b9 100644 + ps_process_pattern($1, colord_t) +') diff --git a/colord.te b/colord.te -index 9f2dfb233..ad8ae4228 100644 +index 9f2dfb2330..ad8ae42281 100644 --- a/colord.te +++ b/colord.te @@ -8,6 +8,7 @@ policy_module(colord, 1.1.0) @@ -16726,7 +16726,7 @@ index 9f2dfb233..ad8ae4228 100644 + zoneminder_rw_tmpfs_files(colord_t) +') diff --git a/comsat.te b/comsat.te -index c63cf8556..dc6998b60 100644 +index c63cf8556e..dc6998b60d 100644 --- a/comsat.te +++ b/comsat.te @@ -37,6 +37,13 @@ kernel_read_kernel_sysctls(comsat_t) @@ -16753,7 +16753,7 @@ index c63cf8556..dc6998b60 100644 mta_getattr_spool(comsat_t) diff --git a/condor.fc b/condor.fc -index ad2b69606..28d1af020 100644 +index ad2b69606a..28d1af0202 100644 --- a/condor.fc +++ b/condor.fc @@ -1,6 +1,7 @@ @@ -16765,7 +16765,7 @@ index ad2b69606..28d1af020 100644 /usr/sbin/condor_collector -- gen_context(system_u:object_r:condor_collector_exec_t,s0) /usr/sbin/condor_master -- gen_context(system_u:object_r:condor_master_exec_t,s0) diff --git a/condor.if b/condor.if -index 881d92f35..a2d588a51 100644 +index 881d92f35e..a2d588a51c 100644 --- a/condor.if +++ b/condor.if @@ -1,75 +1,391 @@ @@ -17224,7 +17224,7 @@ index 881d92f35..a2d588a51 100644 + ') ') diff --git a/condor.te b/condor.te -index ce9f040e2..990ada3ad 100644 +index ce9f040e2f..990ada3adc 100644 --- a/condor.te +++ b/condor.te @@ -34,7 +34,7 @@ files_tmp_file(condor_startd_tmp_t) @@ -17416,7 +17416,7 @@ index ce9f040e2..990ada3ad 100644 +') diff --git a/conman.fc b/conman.fc new file mode 100644 -index 000000000..397da66fb +index 0000000000..397da66fbc --- /dev/null +++ b/conman.fc @@ -0,0 +1,11 @@ @@ -17433,7 +17433,7 @@ index 000000000..397da66fb +/var/run/conmand.* -- gen_context(system_u:object_r:conman_var_run_t,s0) diff --git a/conman.if b/conman.if new file mode 100644 -index 000000000..1cc5fa464 +index 0000000000..1cc5fa4643 --- /dev/null +++ b/conman.if @@ -0,0 +1,143 @@ @@ -17582,7 +17582,7 @@ index 000000000..1cc5fa464 +') diff --git a/conman.te b/conman.te new file mode 100644 -index 000000000..8d5d88400 +index 0000000000..8d5d884006 --- /dev/null +++ b/conman.te @@ -0,0 +1,117 @@ @@ -17704,7 +17704,7 @@ index 000000000..8d5d88400 + unconfined_domain(conman_unconfined_script_t) +') diff --git a/consolekit.fc b/consolekit.fc -index 23c95582f..29e5fd38d 100644 +index 23c95582fa..29e5fd38df 100644 --- a/consolekit.fc +++ b/consolekit.fc @@ -1,3 +1,5 @@ @@ -17714,7 +17714,7 @@ index 23c95582f..29e5fd38d 100644 /var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0) diff --git a/consolekit.if b/consolekit.if -index 5b830ec9c..78025c5e7 100644 +index 5b830ec9c4..78025c5e70 100644 --- a/consolekit.if +++ b/consolekit.if @@ -19,6 +19,27 @@ interface(`consolekit_domtrans',` @@ -17837,7 +17837,7 @@ index 5b830ec9c..78025c5e7 100644 + ps_process_pattern($1, consolekit_t) +') diff --git a/consolekit.te b/consolekit.te -index bd18063f6..94407f854 100644 +index bd18063f69..94407f8541 100644 --- a/consolekit.te +++ b/consolekit.te @@ -19,21 +19,23 @@ type consolekit_var_run_t; @@ -17935,7 +17935,7 @@ index bd18063f6..94407f854 100644 policykit_domtrans_auth(consolekit_t) diff --git a/container.fc b/container.fc new file mode 100644 -index 000000000..bad12f421 +index 0000000000..bad12f4214 --- /dev/null +++ b/container.fc @@ -0,0 +1,31 @@ @@ -17972,7 +17972,7 @@ index 000000000..bad12f421 +/var/lib/docker/.*/config\.env gen_context(system_u:object_r:container_share_t,s0) diff --git a/container.if b/container.if new file mode 100644 -index 000000000..785affa3f +index 0000000000..785affa3f5 --- /dev/null +++ b/container.if @@ -0,0 +1,542 @@ @@ -18520,7 +18520,7 @@ index 000000000..785affa3f + diff --git a/container.te b/container.te new file mode 100644 -index 000000000..5a929c427 +index 0000000000..5a929c4277 --- /dev/null +++ b/container.te @@ -0,0 +1,391 @@ @@ -18916,7 +18916,7 @@ index 000000000..5a929c427 + +sysnet_dns_name_resolve(container_auth_t) diff --git a/corosync.fc b/corosync.fc -index da39f0fcc..b26d3e0a4 100644 +index da39f0fccc..b26d3e0a47 100644 --- a/corosync.fc +++ b/corosync.fc @@ -1,5 +1,7 @@ @@ -18934,7 +18934,7 @@ index da39f0fcc..b26d3e0a4 100644 +/var/run/corosync-qdevice(/.*)? gen_context(system_u:object_r:corosync_var_run_t,s0) +/var/run/corosync-qnetd(/.*)? gen_context(system_u:object_r:corosync_var_run_t,s0) diff --git a/corosync.if b/corosync.if -index 694a037da..d8596812d 100644 +index 694a037dad..d8596812db 100644 --- a/corosync.if +++ b/corosync.if @@ -77,6 +77,25 @@ interface(`corosync_read_log',` @@ -19055,7 +19055,7 @@ index 694a037da..d8596812d 100644 + allow $1 corosync_unit_file_t:service all_service_perms; ') diff --git a/corosync.te b/corosync.te -index d5aa1e446..9a2570145 100644 +index d5aa1e446e..9a25701453 100644 --- a/corosync.te +++ b/corosync.te @@ -28,12 +28,15 @@ logging_log_file(corosync_var_log_t) @@ -19135,7 +19135,7 @@ index d5aa1e446..9a2570145 100644 + wdmd_rw_tmpfs(corosync_t) +') diff --git a/couchdb.fc b/couchdb.fc -index c0863022d..5380ab641 100644 +index c0863022d1..5380ab6415 100644 --- a/couchdb.fc +++ b/couchdb.fc @@ -1,8 +1,10 @@ @@ -19153,7 +19153,7 @@ index c0863022d..5380ab641 100644 /var/lib/couchdb(/.*)? gen_context(system_u:object_r:couchdb_var_lib_t,s0) diff --git a/couchdb.if b/couchdb.if -index 715a826f1..a1cbdb29e 100644 +index 715a826f15..a1cbdb29ef 100644 --- a/couchdb.if +++ b/couchdb.if @@ -2,7 +2,7 @@ @@ -19383,7 +19383,7 @@ index 715a826f1..a1cbdb29e 100644 + ') ') diff --git a/couchdb.te b/couchdb.te -index ae1c1b12a..9b3a328c2 100644 +index ae1c1b12a6..9b3a328c2c 100644 --- a/couchdb.te +++ b/couchdb.te @@ -27,18 +27,21 @@ files_type(couchdb_var_lib_t) @@ -19460,7 +19460,7 @@ index ae1c1b12a..9b3a328c2 100644 -miscfiles_read_localization(couchdb_t) diff --git a/courier.fc b/courier.fc -index 2f017a076..defdc871e 100644 +index 2f017a076b..defdc871e4 100644 --- a/courier.fc +++ b/courier.fc @@ -11,17 +11,18 @@ @@ -19491,7 +19491,7 @@ index 2f017a076..defdc871e 100644 /var/lib/courier(/.*)? gen_context(system_u:object_r:courier_var_lib_t,s0) /var/lib/courier-imap(/.*)? gen_context(system_u:object_r:courier_var_lib_t,s0) diff --git a/courier.if b/courier.if -index 10f820fc7..acdb179e8 100644 +index 10f820fc74..acdb179e8d 100644 --- a/courier.if +++ b/courier.if @@ -1,12 +1,12 @@ @@ -19667,7 +19667,7 @@ index 10f820fc7..acdb179e8 100644 allow $1 courier_spool_t:fifo_file rw_fifo_file_perms; ') diff --git a/courier.te b/courier.te -index ae3bc70e9..d64452f77 100644 +index ae3bc70e9a..d64452f774 100644 --- a/courier.te +++ b/courier.te @@ -18,7 +18,7 @@ type courier_etc_t; @@ -19757,7 +19757,7 @@ index ae3bc70e9..d64452f77 100644 ######################################## # diff --git a/cpucontrol.te b/cpucontrol.te -index af72c4e55..afab0367f 100644 +index af72c4e55c..afab0367f2 100644 --- a/cpucontrol.te +++ b/cpucontrol.te @@ -42,8 +42,6 @@ term_dontaudit_use_console(cpucontrol_domain) @@ -19794,7 +19794,7 @@ index af72c4e55..afab0367f 100644 -miscfiles_read_localization(cpuspeed_t) +logging_send_syslog_msg(cpuspeed_t) diff --git a/cpufreqselector.te b/cpufreqselector.te -index 6cedb8724..530e250e5 100644 +index 6cedb87247..530e250e50 100644 --- a/cpufreqselector.te +++ b/cpufreqselector.te @@ -14,21 +14,17 @@ init_daemon_domain(cpufreqselector_t, cpufreqselector_exec_t) @@ -19832,7 +19832,7 @@ index 6cedb8724..530e250e5 100644 +') diff --git a/cpuplug.fc b/cpuplug.fc new file mode 100644 -index 000000000..be203ff49 +index 0000000000..be203ff492 --- /dev/null +++ b/cpuplug.fc @@ -0,0 +1,3 @@ @@ -19841,7 +19841,7 @@ index 000000000..be203ff49 +/usr/sbin/cpuplugd -- gen_context(system_u:object_r:cpuplug_exec_t,s0) diff --git a/cpuplug.if b/cpuplug.if new file mode 100644 -index 000000000..c68d1d3cf +index 0000000000..c68d1d3cfb --- /dev/null +++ b/cpuplug.if @@ -0,0 +1,20 @@ @@ -19867,7 +19867,7 @@ index 000000000..c68d1d3cf +') diff --git a/cpuplug.te b/cpuplug.te new file mode 100644 -index 000000000..074f3e04d +index 0000000000..074f3e04de --- /dev/null +++ b/cpuplug.te @@ -0,0 +1,40 @@ @@ -19912,7 +19912,7 @@ index 000000000..074f3e04d +logging_send_syslog_msg(cpuplug_t) + diff --git a/cron.fc b/cron.fc -index ad0bae948..18a4dd415 100644 +index ad0bae948b..18a4dd4156 100644 --- a/cron.fc +++ b/cron.fc @@ -1,66 +1,77 @@ @@ -20034,7 +20034,7 @@ index ad0bae948..18a4dd415 100644 +/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0) ') diff --git a/cron.if b/cron.if -index 1303b3036..f5bd4aee8 100644 +index 1303b3036b..f5bd4aee87 100644 --- a/cron.if +++ b/cron.if @@ -2,11 +2,12 @@ @@ -21098,7 +21098,7 @@ index 1303b3036..f5bd4aee8 100644 + logging_log_filetrans($1, var_log_t, file, "redhat-access-insights.log") ') diff --git a/cron.te b/cron.te -index 7de385956..b9b2c8f7f 100644 +index 7de385956a..b9b2c8f7f8 100644 --- a/cron.te +++ b/cron.te @@ -11,46 +11,54 @@ gen_require(` @@ -22095,7 +22095,7 @@ index 7de385956..b9b2c8f7f 100644 type unconfined_cronjob_t; diff --git a/ctdb.fc b/ctdb.fc -index 8401fe6f3..84ece3e4a 100644 +index 8401fe6f3b..84ece3e4a7 100644 --- a/ctdb.fc +++ b/ctdb.fc @@ -1,12 +1,20 @@ @@ -22120,7 +22120,7 @@ index 8401fe6f3..84ece3e4a 100644 /var/spool/ctdb(/.*)? gen_context(system_u:object_r:ctdbd_spool_t,s0) diff --git a/ctdb.if b/ctdb.if -index b25b01d12..06895f39a 100644 +index b25b01d12d..06895f39ae 100644 --- a/ctdb.if +++ b/ctdb.if @@ -1,9 +1,178 @@ @@ -22425,7 +22425,7 @@ index b25b01d12..06895f39a 100644 ') + diff --git a/ctdb.te b/ctdb.te -index 001b502e6..1b73c4d79 100644 +index 001b502e6f..1b73c4d799 100644 --- a/ctdb.te +++ b/ctdb.te @@ -24,6 +24,9 @@ files_tmp_file(ctdbd_tmp_t) @@ -22554,7 +22554,7 @@ index 001b502e6..1b73c4d79 100644 optional_policy(` diff --git a/cups.fc b/cups.fc -index 949011ec8..9437dbe01 100644 +index 949011ec86..9437dbe018 100644 --- a/cups.fc +++ b/cups.fc @@ -1,77 +1,91 @@ @@ -22699,7 +22699,7 @@ index 949011ec8..9437dbe01 100644 +/etc/opt/brother/Printers/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) +/opt/brother/Printers(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) diff --git a/cups.if b/cups.if -index 3023be7f6..27938e4b4 100644 +index 3023be7f6d..27938e4b4e 100644 --- a/cups.if +++ b/cups.if @@ -200,10 +200,13 @@ interface(`cups_dbus_chat_config',` @@ -22832,7 +22832,7 @@ index 3023be7f6..27938e4b4 100644 + files_var_filetrans($1, cupsd_rw_etc_t, dir, "cups") ') diff --git a/cups.te b/cups.te -index c91813ccb..8d9b894e5 100644 +index c91813ccbc..8d9b894e5e 100644 --- a/cups.te +++ b/cups.te @@ -5,19 +5,31 @@ policy_module(cups, 1.16.2) @@ -23546,7 +23546,7 @@ index c91813ccb..8d9b894e5 100644 ') + diff --git a/cvs.fc b/cvs.fc -index 75c8be90c..4c1a965c0 100644 +index 75c8be90cd..4c1a965c03 100644 --- a/cvs.fc +++ b/cvs.fc @@ -1,13 +1,16 @@ @@ -23569,7 +23569,7 @@ index 75c8be90c..4c1a965c0 100644 -/var/www/cgi-bin/cvsweb\.cgi -- gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0) +/var/www/cgi-bin/cvsweb\.cgi -- gen_context(system_u:object_r:cvs_script_exec_t,s0) diff --git a/cvs.if b/cvs.if -index 64775fd37..91a60569c 100644 +index 64775fd372..91a60569cd 100644 --- a/cvs.if +++ b/cvs.if @@ -1,5 +1,23 @@ @@ -23649,7 +23649,7 @@ index 64775fd37..91a60569c 100644 + admin_pattern($1, cvs_home_t) ') diff --git a/cvs.te b/cvs.te -index 0f7755005..36e4a38cf 100644 +index 0f7755005f..36e4a38cfb 100644 --- a/cvs.te +++ b/cvs.te @@ -11,7 +11,7 @@ policy_module(cvs, 1.10.2) @@ -23741,7 +23741,7 @@ index 0f7755005..36e4a38cf 100644 + files_tmp_filetrans(cvs_script_t, cvs_tmp_t, { file dir }) ') diff --git a/cyphesis.te b/cyphesis.te -index 77ffc7355..86e11f5e3 100644 +index 77ffc7355c..86e11f5e33 100644 --- a/cyphesis.te +++ b/cyphesis.te @@ -48,7 +48,6 @@ kernel_read_kernel_sysctls(cyphesis_t) @@ -23767,7 +23767,7 @@ index 77ffc7355..86e11f5e3 100644 optional_policy(` diff --git a/cyrus.if b/cyrus.if -index 83bfda6ed..92d9fb2e7 100644 +index 83bfda6edd..92d9fb2e74 100644 --- a/cyrus.if +++ b/cyrus.if @@ -20,6 +20,25 @@ interface(`cyrus_manage_data',` @@ -23812,7 +23812,7 @@ index 83bfda6ed..92d9fb2e7 100644 domain_system_change_exemption($1) role_transition $2 cyrus_initrc_exec_t system_r; diff --git a/cyrus.te b/cyrus.te -index 4283f2de2..21d93a737 100644 +index 4283f2de23..21d93a737a 100644 --- a/cyrus.te +++ b/cyrus.te @@ -29,7 +29,7 @@ files_pid_file(cyrus_var_run_t) @@ -23904,7 +23904,7 @@ index 4283f2de2..21d93a737 100644 ') diff --git a/daemontools.if b/daemontools.if -index 3b3d9a0b7..6c8106a87 100644 +index 3b3d9a0b7b..6c8106a871 100644 --- a/daemontools.if +++ b/daemontools.if @@ -218,3 +218,4 @@ interface(`daemontools_manage_svc',` @@ -23913,7 +23913,7 @@ index 3b3d9a0b7..6c8106a87 100644 ') + diff --git a/daemontools.te b/daemontools.te -index ee1b4aa8e..2fd746e05 100644 +index ee1b4aa8e0..2fd746e050 100644 --- a/daemontools.te +++ b/daemontools.te @@ -44,7 +44,10 @@ allow svc_multilog_t svc_start_t:process sigchld; @@ -23963,7 +23963,7 @@ index ee1b4aa8e..2fd746e05 100644 - -miscfiles_read_localization(svc_start_t) diff --git a/dante.te b/dante.te -index 5a5e2902a..6321a1d0a 100644 +index 5a5e2902a3..6321a1d0a2 100644 --- a/dante.te +++ b/dante.te @@ -53,7 +53,6 @@ dev_read_sysfs(dante_t) @@ -23975,7 +23975,7 @@ index 5a5e2902a..6321a1d0a 100644 fs_getattr_all_fs(dante_t) diff --git a/dbadm.te b/dbadm.te -index b60c464f1..3a5246a9b 100644 +index b60c464f1d..3a5246a9bb 100644 --- a/dbadm.te +++ b/dbadm.te @@ -23,14 +23,14 @@ gen_tunable(dbadm_read_user_files, false) @@ -24012,7 +24012,7 @@ index b60c464f1..3a5246a9b 100644 + sudo_role_template(dbadm, dbadm_r, dbadm_t) +') diff --git a/dbskk.te b/dbskk.te -index f55c42082..e9d64ab5f 100644 +index f55c420821..e9d64ab5f2 100644 --- a/dbskk.te +++ b/dbskk.te @@ -36,7 +36,6 @@ kernel_read_kernel_sysctls(dbskkd_t) @@ -24035,7 +24035,7 @@ index f55c42082..e9d64ab5f 100644 - -miscfiles_read_localization(dbskkd_t) diff --git a/dbus.fc b/dbus.fc -index dda905b9c..558729530 100644 +index dda905b9c2..558729530c 100644 --- a/dbus.fc +++ b/dbus.fc @@ -1,20 +1,29 @@ @@ -24079,7 +24079,7 @@ index dda905b9c..558729530 100644 /var/named/chroot/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) +') diff --git a/dbus.if b/dbus.if -index 62d22cb46..3b6a2c833 100644 +index 62d22cb460..3b6a2c833c 100644 --- a/dbus.if +++ b/dbus.if @@ -1,4 +1,4 @@ @@ -25001,7 +25001,7 @@ index 62d22cb46..3b6a2c833 100644 + ') diff --git a/dbus.te b/dbus.te -index c9998c80d..843dd09ec 100644 +index c9998c80da..843dd09ec4 100644 --- a/dbus.te +++ b/dbus.te @@ -4,17 +4,15 @@ gen_require(` @@ -25405,7 +25405,7 @@ index c9998c80d..843dd09ec 100644 +kernel_stream_connect(session_bus_type) +systemd_login_read_pid_files(session_bus_type) diff --git a/dcc.fc b/dcc.fc -index 62d3c4e66..cef59a752 100644 +index 62d3c4e666..cef59a7523 100644 --- a/dcc.fc +++ b/dcc.fc @@ -10,6 +10,8 @@ @@ -25418,7 +25418,7 @@ index 62d3c4e66..cef59a752 100644 /usr/sbin/dccd -- gen_context(system_u:object_r:dccd_exec_t,s0) /usr/sbin/dccifd -- gen_context(system_u:object_r:dccifd_exec_t,s0) diff --git a/dcc.if b/dcc.if -index a5c21e0e8..46394219a 100644 +index a5c21e0e87..46394219af 100644 --- a/dcc.if +++ b/dcc.if @@ -173,6 +173,6 @@ interface(`dcc_stream_connect_dccifd',` @@ -25430,7 +25430,7 @@ index a5c21e0e8..46394219a 100644 stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t) ') diff --git a/dcc.te b/dcc.te -index 353fa4a09..a5e912fca 100644 +index 353fa4a09f..a5e912fca2 100644 --- a/dcc.te +++ b/dcc.te @@ -45,7 +45,7 @@ type dcc_var_t; @@ -25583,7 +25583,7 @@ index 353fa4a09..a5e912fca 100644 userdom_dontaudit_search_user_home_dirs(dccm_t) diff --git a/ddclient.if b/ddclient.if -index 5606b4069..cd18cf2a7 100644 +index 5606b40691..cd18cf2a70 100644 --- a/ddclient.if +++ b/ddclient.if @@ -70,9 +70,13 @@ interface(`ddclient_admin',` @@ -25602,7 +25602,7 @@ index 5606b4069..cd18cf2a7 100644 domain_system_change_exemption($1) role_transition $2 ddclient_initrc_exec_t system_r; diff --git a/ddclient.te b/ddclient.te -index a4caa1b5b..42f30662d 100644 +index a4caa1b5b5..42f30662dd 100644 --- a/ddclient.te +++ b/ddclient.te @@ -38,9 +38,13 @@ files_pid_file(ddclient_var_run_t) @@ -25657,7 +25657,7 @@ index a4caa1b5b..42f30662d 100644 sysnet_exec_ifconfig(ddclient_t) sysnet_dns_name_resolve(ddclient_t) diff --git a/ddcprobe.te b/ddcprobe.te -index 8fa4bb994..8f5ffb00a 100644 +index 8fa4bb994b..8f5ffb00a3 100644 --- a/ddcprobe.te +++ b/ddcprobe.te @@ -34,9 +34,7 @@ dev_read_urand(ddcprobe_t) @@ -25671,7 +25671,7 @@ index 8fa4bb994..8f5ffb00a 100644 term_use_all_ttys(ddcprobe_t) term_use_all_ptys(ddcprobe_t) diff --git a/denyhosts.if b/denyhosts.if -index a7326da62..c87b5b7c6 100644 +index a7326da62d..c87b5b7c67 100644 --- a/denyhosts.if +++ b/denyhosts.if @@ -53,6 +53,7 @@ interface(`denyhosts_initrc_domtrans',` @@ -25712,7 +25712,7 @@ index a7326da62..c87b5b7c6 100644 admin_pattern($1, denyhosts_var_lock_t) ') diff --git a/denyhosts.te b/denyhosts.te -index 583a52726..91c4104c7 100644 +index 583a527266..91c4104c7f 100644 --- a/denyhosts.te +++ b/denyhosts.te @@ -25,6 +25,9 @@ logging_log_file(denyhosts_var_log_t) @@ -25764,7 +25764,7 @@ index 583a52726..91c4104c7 100644 + gnome_dontaudit_search_config(denyhosts_t) +') diff --git a/devicekit.fc b/devicekit.fc -index ae49c9d99..b8479873e 100644 +index ae49c9d99f..b8479873e7 100644 --- a/devicekit.fc +++ b/devicekit.fc @@ -11,6 +11,7 @@ @@ -25776,7 +25776,7 @@ index ae49c9d99..b8479873e 100644 /var/lib/DeviceKit-.* gen_context(system_u:object_r:devicekit_var_lib_t,s0) /var/lib/upower(/.*)? gen_context(system_u:object_r:devicekit_var_lib_t,s0) diff --git a/devicekit.if b/devicekit.if -index 8ce99ff48..1bc5d3aea 100644 +index 8ce99ff486..1bc5d3aea7 100644 --- a/devicekit.if +++ b/devicekit.if @@ -1,4 +1,4 @@ @@ -26191,7 +26191,7 @@ index 8ce99ff48..1bc5d3aea 100644 + logging_log_filetrans($1, devicekit_var_log_t, file, "pm-suspend.log") ') diff --git a/devicekit.te b/devicekit.te -index 77a5003c0..8d3dc77cb 100644 +index 77a5003c0d..8d3dc77cbf 100644 --- a/devicekit.te +++ b/devicekit.te @@ -7,15 +7,15 @@ policy_module(devicekit, 1.3.1) @@ -26426,7 +26426,7 @@ index 77a5003c0..8d3dc77cb 100644 +') + diff --git a/dhcp.fc b/dhcp.fc -index 8182c4806..0b9bb9710 100644 +index 8182c4806c..0b9bb9710b 100644 --- a/dhcp.fc +++ b/dhcp.fc @@ -1,6 +1,13 @@ @@ -26445,7 +26445,7 @@ index 8182c4806..0b9bb9710 100644 /var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0) /var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0) diff --git a/dhcp.if b/dhcp.if -index c697edbcd..954c090bd 100644 +index c697edbcd0..954c090bd5 100644 --- a/dhcp.if +++ b/dhcp.if @@ -36,7 +36,7 @@ interface(`dhcpd_setattr_state_files',` @@ -26517,7 +26517,7 @@ index c697edbcd..954c090bd 100644 + allow $1 dhcpd_unit_file_t:service all_service_perms; ') diff --git a/dhcp.te b/dhcp.te -index 98a24b989..3ca9fe61a 100644 +index 98a24b9897..3ca9fe61af 100644 --- a/dhcp.te +++ b/dhcp.te @@ -20,6 +20,9 @@ init_daemon_domain(dhcpd_t, dhcpd_exec_t) @@ -26601,7 +26601,7 @@ index 98a24b989..3ca9fe61a 100644 dbus_system_bus_client(dhcpd_t) dbus_connect_system_bus(dhcpd_t) diff --git a/dictd.if b/dictd.if -index 3cc3494bd..cb0a1f4bf 100644 +index 3cc3494bd6..cb0a1f4bfa 100644 --- a/dictd.if +++ b/dictd.if @@ -38,8 +38,11 @@ interface(`dictd_admin',` @@ -26618,7 +26618,7 @@ index 3cc3494bd..cb0a1f4bf 100644 init_labeled_script_domtrans($1, dictd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/dictd.te b/dictd.te -index 433d3c5a0..0dccebfd9 100644 +index 433d3c5a0b..0dccebfd94 100644 --- a/dictd.te +++ b/dictd.te @@ -43,7 +43,6 @@ files_pid_filetrans(dictd_t, dictd_var_run_t, file) @@ -26647,7 +26647,7 @@ index 433d3c5a0..0dccebfd9 100644 optional_policy(` diff --git a/dirmngr.te b/dirmngr.te -index b3b218815..5f917054c 100644 +index b3b218815a..5f917054c7 100644 --- a/dirmngr.te +++ b/dirmngr.te @@ -53,6 +53,5 @@ files_pid_filetrans(dirmngr_t, dirmngr_var_run_t, { dir file }) @@ -26659,7 +26659,7 @@ index b3b218815..5f917054c 100644 miscfiles_read_localization(dirmngr_t) diff --git a/dirsrv-admin.fc b/dirsrv-admin.fc new file mode 100644 -index 000000000..38b17f89f +index 0000000000..38b17f89f8 --- /dev/null +++ b/dirsrv-admin.fc @@ -0,0 +1,17 @@ @@ -26682,7 +26682,7 @@ index 000000000..38b17f89f +/var/lock/subsys/dirsrv-admin -- gen_context(system_u:object_r:dirsrvadmin_lock_t,s0) diff --git a/dirsrv-admin.if b/dirsrv-admin.if new file mode 100644 -index 000000000..0d4e70492 +index 0000000000..0d4e704926 --- /dev/null +++ b/dirsrv-admin.if @@ -0,0 +1,157 @@ @@ -26845,7 +26845,7 @@ index 000000000..0d4e70492 +') diff --git a/dirsrv-admin.te b/dirsrv-admin.te new file mode 100644 -index 000000000..51fb95d13 +index 0000000000..51fb95d13e --- /dev/null +++ b/dirsrv-admin.te @@ -0,0 +1,173 @@ @@ -27024,7 +27024,7 @@ index 000000000..51fb95d13 + diff --git a/dirsrv.fc b/dirsrv.fc new file mode 100644 -index 000000000..0c441124c +index 0000000000..0c441124cf --- /dev/null +++ b/dirsrv.fc @@ -0,0 +1,23 @@ @@ -27053,7 +27053,7 @@ index 000000000..0c441124c +/var/log/dirsrv/ldap-agent.log.* gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0) diff --git a/dirsrv.if b/dirsrv.if new file mode 100644 -index 000000000..943a99c98 +index 0000000000..943a99c98f --- /dev/null +++ b/dirsrv.if @@ -0,0 +1,232 @@ @@ -27291,7 +27291,7 @@ index 000000000..943a99c98 +') diff --git a/dirsrv.te b/dirsrv.te new file mode 100644 -index 000000000..dbddd4aaf +index 0000000000..dbddd4aafb --- /dev/null +++ b/dirsrv.te @@ -0,0 +1,213 @@ @@ -27509,7 +27509,7 @@ index 000000000..dbddd4aaf + snmp_stream_connect(dirsrv_snmp_t) +') diff --git a/distcc.if b/distcc.if -index 24d8c740c..1790ec5dc 100644 +index 24d8c740c5..1790ec5dcb 100644 --- a/distcc.if +++ b/distcc.if @@ -19,7 +19,7 @@ @@ -27522,7 +27522,7 @@ index 24d8c740c..1790ec5dc 100644 ') diff --git a/distcc.te b/distcc.te -index 898b2f433..8a1725b62 100644 +index 898b2f4339..8a1725b623 100644 --- a/distcc.te +++ b/distcc.te @@ -47,7 +47,6 @@ files_pid_filetrans(distccd_t, distccd_var_run_t, file) @@ -27543,7 +27543,7 @@ index 898b2f433..8a1725b62 100644 userdom_dontaudit_search_user_home_dirs(distccd_t) diff --git a/djbdns.if b/djbdns.if -index 671d3c0a1..6d36c951a 100644 +index 671d3c0a15..6d36c951a3 100644 --- a/djbdns.if +++ b/djbdns.if @@ -39,6 +39,23 @@ template(`djbdns_daemontools_domain_template',` @@ -27571,7 +27571,7 @@ index 671d3c0a1..6d36c951a 100644 ##################################### diff --git a/djbdns.te b/djbdns.te -index 87ca536ae..ebd327ad1 100644 +index 87ca536ae3..ebd327ad1a 100644 --- a/djbdns.te +++ b/djbdns.te @@ -48,6 +48,10 @@ corenet_udp_bind_generic_port(djbdns_domain) @@ -27586,7 +27586,7 @@ index 87ca536ae..ebd327ad1 100644 # # axfrdns local policy diff --git a/dkim.fc b/dkim.fc -index 5818418af..674367b3a 100644 +index 5818418af7..674367b3a7 100644 --- a/dkim.fc +++ b/dkim.fc @@ -9,7 +9,6 @@ @@ -27598,7 +27598,7 @@ index 5818418af..674367b3a 100644 /var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0) diff --git a/dmidecode.if b/dmidecode.if -index 41c3f6770..653a1ecbb 100644 +index 41c3f67701..653a1ecbb5 100644 --- a/dmidecode.if +++ b/dmidecode.if @@ -19,6 +19,25 @@ interface(`dmidecode_domtrans',` @@ -27628,7 +27628,7 @@ index 41c3f6770..653a1ecbb 100644 ## ## Execute dmidecode in the dmidecode diff --git a/dmidecode.te b/dmidecode.te -index aa0ef6e94..d55bbd34c 100644 +index aa0ef6e944..d55bbd34c4 100644 --- a/dmidecode.te +++ b/dmidecode.te @@ -31,4 +31,9 @@ mls_file_read_all_levels(dmidecode_t) @@ -27643,7 +27643,7 @@ index aa0ef6e94..d55bbd34c 100644 + rhsmcertd_read_log(dmidecode_t) +') diff --git a/dnsmasq.fc b/dnsmasq.fc -index 23ab808d8..84735a8cb 100644 +index 23ab808d82..84735a8cb3 100644 --- a/dnsmasq.fc +++ b/dnsmasq.fc @@ -1,13 +1,16 @@ @@ -27666,7 +27666,7 @@ index 23ab808d8..84735a8cb 100644 +/var/run/dnsmasq.* gen_context(system_u:object_r:dnsmasq_var_run_t,s0) /var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0) diff --git a/dnsmasq.if b/dnsmasq.if -index 19aa0b80b..a79982cd6 100644 +index 19aa0b80b9..a79982cd6e 100644 --- a/dnsmasq.if +++ b/dnsmasq.if @@ -10,7 +10,6 @@ @@ -27952,7 +27952,7 @@ index 19aa0b80b..a79982cd6 100644 + + diff --git a/dnsmasq.te b/dnsmasq.te -index 37a3b7b30..3d07c22fa 100644 +index 37a3b7b30e..3d07c22fa4 100644 --- a/dnsmasq.te +++ b/dnsmasq.te @@ -24,12 +24,18 @@ logging_log_file(dnsmasq_var_log_t) @@ -28073,7 +28073,7 @@ index 37a3b7b30..3d07c22fa 100644 +') diff --git a/dnssec.fc b/dnssec.fc new file mode 100644 -index 000000000..1714fa661 +index 0000000000..1714fa6618 --- /dev/null +++ b/dnssec.fc @@ -0,0 +1,6 @@ @@ -28085,7 +28085,7 @@ index 000000000..1714fa661 +/var/run/dnssec.* gen_context(system_u:object_r:dnssec_trigger_var_run_t,s0) diff --git a/dnssec.if b/dnssec.if new file mode 100644 -index 000000000..a846ce030 +index 0000000000..a846ce0308 --- /dev/null +++ b/dnssec.if @@ -0,0 +1,104 @@ @@ -28195,7 +28195,7 @@ index 000000000..a846ce030 +') diff --git a/dnssec.te b/dnssec.te new file mode 100644 -index 000000000..bc3fac51c +index 0000000000..bc3fac51c4 --- /dev/null +++ b/dnssec.te @@ -0,0 +1,81 @@ @@ -28281,7 +28281,7 @@ index 000000000..bc3fac51c + networkmanager_signull(dnssec_trigger_t) +') diff --git a/dnssectrigger.te b/dnssectrigger.te -index c7bb4e782..e6fe2f402 100644 +index c7bb4e782f..e6fe2f402f 100644 --- a/dnssectrigger.te +++ b/dnssectrigger.te @@ -67,8 +67,6 @@ files_read_etc_runtime_files(dnssec_triggerd_t) @@ -28294,7 +28294,7 @@ index c7bb4e782..e6fe2f402 100644 sysnet_manage_config(dnssec_triggerd_t) sysnet_etc_filetrans_config(dnssec_triggerd_t) diff --git a/dovecot.fc b/dovecot.fc -index c88007004..444805588 100644 +index c880070041..444805588a 100644 --- a/dovecot.fc +++ b/dovecot.fc @@ -1,36 +1,48 @@ @@ -28369,7 +28369,7 @@ index c88007004..444805588 100644 -/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0) +/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0) diff --git a/dovecot.if b/dovecot.if -index d5badb755..c2431fc73 100644 +index d5badb7557..c2431fc731 100644 --- a/dovecot.if +++ b/dovecot.if @@ -1,29 +1,49 @@ @@ -28586,7 +28586,7 @@ index d5badb755..c2431fc73 100644 + admin_pattern($1, dovecot_passwd_t) ') diff --git a/dovecot.te b/dovecot.te -index 0aabc7e66..641a03465 100644 +index 0aabc7e663..641a03465a 100644 --- a/dovecot.te +++ b/dovecot.te @@ -7,12 +7,10 @@ policy_module(dovecot, 1.16.1) @@ -29034,7 +29034,7 @@ index 0aabc7e66..641a03465 100644 sendmail_domtrans(dovecot_deliver_t) ') diff --git a/dpkg.te b/dpkg.te -index 50af48c89..5ab49010f 100644 +index 50af48c896..5ab49010f4 100644 --- a/dpkg.te +++ b/dpkg.te @@ -49,7 +49,7 @@ files_tmpfs_file(dpkg_script_tmpfs_t) @@ -29047,7 +29047,7 @@ index 50af48c89..5ab49010f 100644 allow dpkg_t self:fd use; allow dpkg_t self:fifo_file rw_fifo_file_perms; diff --git a/drbd.fc b/drbd.fc -index 671a3fb6f..47b4958d0 100644 +index 671a3fb6f4..47b4958d08 100644 --- a/drbd.fc +++ b/drbd.fc @@ -3,7 +3,7 @@ @@ -29066,7 +29066,7 @@ index 671a3fb6f..47b4958d0 100644 + +/var/run/drbd(/.*)? gen_context(system_u:object_r:drbd_var_run_t,s0) diff --git a/drbd.if b/drbd.if -index 9a2163936..26c59868b 100644 +index 9a21639361..26c59868b4 100644 --- a/drbd.if +++ b/drbd.if @@ -2,12 +2,11 @@ @@ -29208,7 +29208,7 @@ index 9a2163936..26c59868b 100644 ') + diff --git a/drbd.te b/drbd.te -index f2516cc07..af2c2ad81 100644 +index f2516cc073..af2c2ad81d 100644 --- a/drbd.te +++ b/drbd.te @@ -18,38 +18,72 @@ files_type(drbd_var_lib_t) @@ -29291,7 +29291,7 @@ index f2516cc07..af2c2ad81 100644 + rhcs_manage_cluster_lib_files(drbd_t) +') diff --git a/dspam.fc b/dspam.fc -index 5eddac51c..b5fcb7760 100644 +index 5eddac51c8..b5fcb77608 100644 --- a/dspam.fc +++ b/dspam.fc @@ -2,11 +2,16 @@ @@ -29314,7 +29314,7 @@ index 5eddac51c..b5fcb7760 100644 + +/var/lib/dspam/data(/.*)? gen_context(system_u:object_r:dspam_rw_content_t,s0) diff --git a/dspam.if b/dspam.if -index 18f245250..a446210f0 100644 +index 18f2452509..a446210f0d 100644 --- a/dspam.if +++ b/dspam.if @@ -1,13 +1,15 @@ @@ -29589,7 +29589,7 @@ index 18f245250..a446210f0 100644 + ') diff --git a/dspam.te b/dspam.te -index ef6236335..6b0dc19d1 100644 +index ef6236335e..6b0dc19d12 100644 --- a/dspam.te +++ b/dspam.te @@ -28,6 +28,9 @@ files_pid_file(dspam_var_run_t) @@ -29668,7 +29668,7 @@ index ef6236335..6b0dc19d1 100644 + procmail_domtrans(dspam_t) +') diff --git a/entropyd.te b/entropyd.te -index b8b8328c0..e3dc7c72c 100644 +index b8b8328c07..e3dc7c72c8 100644 --- a/entropyd.te +++ b/entropyd.te @@ -12,7 +12,7 @@ policy_module(entropyd, 1.8.0) @@ -29710,7 +29710,7 @@ index b8b8328c0..e3dc7c72c 100644 userdom_dontaudit_search_user_home_dirs(entropyd_t) diff --git a/etcd.fc b/etcd.fc new file mode 100644 -index 000000000..eac30a338 +index 0000000000..eac30a338e --- /dev/null +++ b/etcd.fc @@ -0,0 +1,5 @@ @@ -29721,7 +29721,7 @@ index 000000000..eac30a338 +/var/lib/etcd(/.*)? gen_context(system_u:object_r:etcd_var_lib_t,s0) diff --git a/etcd.if b/etcd.if new file mode 100644 -index 000000000..d1a05a650 +index 0000000000..d1a05a6507 --- /dev/null +++ b/etcd.if @@ -0,0 +1,161 @@ @@ -29888,7 +29888,7 @@ index 000000000..d1a05a650 +') diff --git a/etcd.te b/etcd.te new file mode 100644 -index 000000000..7cee445f6 +index 0000000000..7cee445f6a --- /dev/null +++ b/etcd.te @@ -0,0 +1,42 @@ @@ -29935,7 +29935,7 @@ index 000000000..7cee445f6 + +logging_send_syslog_msg(etcd_t) diff --git a/evolution.fc b/evolution.fc -index 597f305da..85206539c 100644 +index 597f305dae..85206539cc 100644 --- a/evolution.fc +++ b/evolution.fc @@ -1,5 +1,6 @@ @@ -29946,7 +29946,7 @@ index 597f305da..85206539c 100644 /tmp/\.exchange-USER(/.*)? gen_context(system_u:object_r:evolution_exchange_tmp_t,s0) diff --git a/evolution.te b/evolution.te -index c99e07c48..ab9dd9f90 100644 +index c99e07c483..ab9dd9f90f 100644 --- a/evolution.te +++ b/evolution.te @@ -168,7 +168,6 @@ dev_read_urand(evolution_t) @@ -29991,7 +29991,7 @@ index c99e07c48..ab9dd9f90 100644 fs_search_auto_mountpoints(evolution_server_t) diff --git a/exim.if b/exim.if -index 9bbc6907a..4a8d0536b 100644 +index 9bbc6907a9..4a8d0536b4 100644 --- a/exim.if +++ b/exim.if @@ -21,35 +21,51 @@ interface(`exim_domtrans',` @@ -30142,7 +30142,7 @@ index 9bbc6907a..4a8d0536b 100644 role_transition $2 exim_initrc_exec_t system_r; allow $2 system_r; diff --git a/exim.te b/exim.te -index 4086c51b9..3e7a99099 100644 +index 4086c51b90..3e7a99099c 100644 --- a/exim.te +++ b/exim.te @@ -55,7 +55,7 @@ type exim_log_t; @@ -30224,7 +30224,7 @@ index 4086c51b9..3e7a99099 100644 optional_policy(` diff --git a/fail2ban.if b/fail2ban.if -index 50d0084d4..94e193606 100644 +index 50d0084d42..94e1936060 100644 --- a/fail2ban.if +++ b/fail2ban.if @@ -19,57 +19,57 @@ interface(`fail2ban_domtrans',` @@ -30528,7 +30528,7 @@ index 50d0084d4..94e193606 100644 fail2ban_run_client($1, $2) diff --git a/fail2ban.te b/fail2ban.te -index cf0e56772..62fb6587a 100644 +index cf0e567725..62fb6587ae 100644 --- a/fail2ban.te +++ b/fail2ban.te @@ -37,7 +37,7 @@ role fail2ban_client_roles types fail2ban_client_t; @@ -30653,7 +30653,7 @@ index cf0e56772..62fb6587a 100644 + apache_read_log(fail2ban_client_t) +') diff --git a/fcoe.te b/fcoe.te -index ce358fb3f..cdc11a7f9 100644 +index ce358fb3f6..cdc11a7f9b 100644 --- a/fcoe.te +++ b/fcoe.te @@ -20,25 +20,32 @@ files_pid_file(fcoemon_var_run_t) @@ -30694,7 +30694,7 @@ index ce358fb3f..cdc11a7f9 100644 + networkmanager_dgram_send(fcoemon_t) +') diff --git a/fetchmail.fc b/fetchmail.fc -index 133b8ee67..a47a12fe7 100644 +index 133b8ee67d..a47a12fe77 100644 --- a/fetchmail.fc +++ b/fetchmail.fc @@ -1,4 +1,5 @@ @@ -30704,7 +30704,7 @@ index 133b8ee67..a47a12fe7 100644 /etc/fetchmailrc -- gen_context(system_u:object_r:fetchmail_etc_t,s0) diff --git a/fetchmail.if b/fetchmail.if -index c3f791660..cab3954f3 100644 +index c3f7916602..cab3954f3d 100644 --- a/fetchmail.if +++ b/fetchmail.if @@ -23,14 +23,16 @@ interface(`fetchmail_admin',` @@ -30728,7 +30728,7 @@ index c3f791660..cab3954f3 100644 admin_pattern($1, fetchmail_etc_t) diff --git a/fetchmail.te b/fetchmail.te -index 742559a54..fa51d09dd 100644 +index 742559a54d..fa51d09dd0 100644 --- a/fetchmail.te +++ b/fetchmail.te @@ -32,14 +32,18 @@ files_type(fetchmail_uidl_cache_t) @@ -30788,7 +30788,7 @@ index 742559a54..fa51d09dd 100644 optional_policy(` procmail_domtrans(fetchmail_t) diff --git a/finger.te b/finger.te -index 35da09d97..85f1e03d4 100644 +index 35da09d97a..85f1e03d41 100644 --- a/finger.te +++ b/finger.te @@ -45,7 +45,6 @@ logging_log_filetrans(fingerd_t, fingerd_log_t, file) @@ -30825,7 +30825,7 @@ index 35da09d97..85f1e03d4 100644 userdom_dontaudit_use_unpriv_user_fds(fingerd_t) diff --git a/firewalld.fc b/firewalld.fc -index 21d7b8442..0e272bd0e 100644 +index 21d7b84422..0e272bd0e3 100644 --- a/firewalld.fc +++ b/firewalld.fc @@ -1,3 +1,5 @@ @@ -30835,7 +30835,7 @@ index 21d7b8442..0e272bd0e 100644 /etc/firewalld(/.*)? gen_context(system_u:object_r:firewalld_etc_rw_t,s0) diff --git a/firewalld.if b/firewalld.if -index c62c5670a..2d9e254b4 100644 +index c62c5670a3..2d9e254b43 100644 --- a/firewalld.if +++ b/firewalld.if @@ -2,7 +2,7 @@ @@ -30993,7 +30993,7 @@ index c62c5670a..2d9e254b4 100644 + allow $1 firewalld_unit_file_t:service all_service_perms; ') diff --git a/firewalld.te b/firewalld.te -index 98072a3a1..5fd0906be 100644 +index 98072a3a13..5fd0906be6 100644 --- a/firewalld.te +++ b/firewalld.te @@ -21,15 +21,21 @@ logging_log_file(firewalld_var_log_t) @@ -31095,7 +31095,7 @@ index 98072a3a1..5fd0906be 100644 iptables_domtrans(firewalld_t) ') diff --git a/firewallgui.if b/firewallgui.if -index e6866d1fd..941f4ef73 100644 +index e6866d1fd0..941f4ef733 100644 --- a/firewallgui.if +++ b/firewallgui.if @@ -37,5 +37,5 @@ interface(`firewallgui_dontaudit_rw_pipes',` @@ -31106,7 +31106,7 @@ index e6866d1fd..941f4ef73 100644 + dontaudit $1 firewallgui_t:fifo_file rw_inherited_fifo_file_perms; ') diff --git a/firewallgui.te b/firewallgui.te -index 209454664..2481a9704 100644 +index 2094546645..2481a97049 100644 --- a/firewallgui.te +++ b/firewallgui.te @@ -36,8 +36,10 @@ corecmd_exec_shell(firewallgui_t) @@ -31137,7 +31137,7 @@ index 209454664..2481a9704 100644 optional_policy(` diff --git a/firstboot.fc b/firstboot.fc -index 12c782c89..ba614e457 100644 +index 12c782c891..ba614e457b 100644 --- a/firstboot.fc +++ b/firstboot.fc @@ -1,5 +1,3 @@ @@ -31149,7 +31149,7 @@ index 12c782c89..ba614e457 100644 -/usr/share/firstboot/firstboot\.py -- gen_context(system_u:object_r:firstboot_exec_t,s0) +/usr/share/firstboot/firstboot\.py -- gen_context(system_u:object_r:firstboot_exec_t,s0) diff --git a/firstboot.if b/firstboot.if -index 280f875f0..f3a67c911 100644 +index 280f875f0b..f3a67c911b 100644 --- a/firstboot.if +++ b/firstboot.if @@ -1,4 +1,7 @@ @@ -31276,7 +31276,7 @@ index 280f875f0..f3a67c911 100644 ## ## diff --git a/firstboot.te b/firstboot.te -index 5010f04e1..0341ae121 100644 +index 5010f04e1b..0341ae121b 100644 --- a/firstboot.te +++ b/firstboot.te @@ -1,7 +1,7 @@ @@ -31417,7 +31417,7 @@ index 5010f04e1..0341ae121 100644 optional_policy(` diff --git a/fprintd.te b/fprintd.te -index 92a6479a2..66f574fc9 100644 +index 92a6479a28..66f574fc97 100644 --- a/fprintd.te +++ b/fprintd.te @@ -8,6 +8,7 @@ policy_module(fprintd, 1.2.0) @@ -31482,7 +31482,7 @@ index 92a6479a2..66f574fc9 100644 ') diff --git a/freeipmi.fc b/freeipmi.fc new file mode 100644 -index 000000000..0942a2e39 +index 0000000000..0942a2e397 --- /dev/null +++ b/freeipmi.fc @@ -0,0 +1,17 @@ @@ -31505,7 +31505,7 @@ index 000000000..0942a2e39 +/var/run/bmc-watchdog\.pid -- gen_context(system_u:object_r:freeipmi_bmc_watchdog_var_run_t,s0) diff --git a/freeipmi.if b/freeipmi.if new file mode 100644 -index 000000000..dc9485309 +index 0000000000..dc94853095 --- /dev/null +++ b/freeipmi.if @@ -0,0 +1,71 @@ @@ -31582,7 +31582,7 @@ index 000000000..dc9485309 + diff --git a/freeipmi.te b/freeipmi.te new file mode 100644 -index 000000000..b7f52674c +index 0000000000..b7f52674ca --- /dev/null +++ b/freeipmi.te @@ -0,0 +1,81 @@ @@ -31669,14 +31669,14 @@ index 000000000..b7f52674c +files_pid_filetrans(freeipmi_ipmiseld_t, freeipmi_ipmiseld_var_run_t, file, "ipmiseld.pid") diff --git a/freqset.fc b/freqset.fc new file mode 100644 -index 000000000..3cd9c38fd +index 0000000000..3cd9c38fd0 --- /dev/null +++ b/freqset.fc @@ -0,0 +1 @@ +/usr/lib/enlightenment/modules/cpufreq/linux-gnu-[^/]*/freqset -- gen_context(system_u:object_r:freqset_exec_t,s0) diff --git a/freqset.if b/freqset.if new file mode 100644 -index 000000000..190ccc035 +index 0000000000..190ccc0358 --- /dev/null +++ b/freqset.if @@ -0,0 +1,76 @@ @@ -31758,7 +31758,7 @@ index 000000000..190ccc035 +') diff --git a/freqset.te b/freqset.te new file mode 100644 -index 000000000..0d09fbd62 +index 0000000000..0d09fbd62a --- /dev/null +++ b/freqset.te @@ -0,0 +1,34 @@ @@ -31797,7 +31797,7 @@ index 000000000..0d09fbd62 + +userdom_use_inherited_user_terminals(freqset_t) diff --git a/ftp.fc b/ftp.fc -index ddb75c12c..44f74e62f 100644 +index ddb75c12c8..44f74e62fe 100644 --- a/ftp.fc +++ b/ftp.fc @@ -1,5 +1,8 @@ @@ -31810,7 +31810,7 @@ index ddb75c12c..44f74e62f 100644 /etc/rc\.d/init\.d/vsftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) diff --git a/ftp.if b/ftp.if -index 44981434b..84a4858b6 100644 +index 44981434b9..84a4858b6f 100644 --- a/ftp.if +++ b/ftp.if @@ -1,5 +1,67 @@ @@ -31905,7 +31905,7 @@ index 44981434b..84a4858b6 100644 ftp_run_ftpdctl($1, $2) ') diff --git a/ftp.te b/ftp.te -index 36838c202..d8066fbd4 100644 +index 36838c2027..d8066fbd48 100644 --- a/ftp.te +++ b/ftp.te @@ -13,7 +13,7 @@ policy_module(ftp, 1.15.1) @@ -32321,7 +32321,7 @@ index 36838c202..d8066fbd4 100644 - fs_read_nfs_symlinks(ftpd_t) -') diff --git a/games.if b/games.if -index e2a3e0dba..50ebd4080 100644 +index e2a3e0dbaa..50ebd4080b 100644 --- a/games.if +++ b/games.if @@ -58,3 +58,23 @@ interface(`games_rw_data',` @@ -32349,7 +32349,7 @@ index e2a3e0dba..50ebd4080 100644 + manage_files_pattern($1, games_data_t, games_data_t) +') diff --git a/games.te b/games.te -index e5b15fb7e..220622e84 100644 +index e5b15fb7ef..220622e848 100644 --- a/games.te +++ b/games.te @@ -76,8 +76,6 @@ init_use_script_ptys(games_srv_t) @@ -32397,7 +32397,7 @@ index e5b15fb7e..220622e84 100644 diff --git a/ganesha.fc b/ganesha.fc new file mode 100644 -index 000000000..610505120 +index 0000000000..6105051204 --- /dev/null +++ b/ganesha.fc @@ -0,0 +1,14 @@ @@ -32417,7 +32417,7 @@ index 000000000..610505120 +/var/run/ganesha(/.*)? gen_context(system_u:object_r:ganesha_var_run_t,s0) diff --git a/ganesha.if b/ganesha.if new file mode 100644 -index 000000000..d9ba5fa27 +index 0000000000..d9ba5fa271 --- /dev/null +++ b/ganesha.if @@ -0,0 +1,147 @@ @@ -32570,7 +32570,7 @@ index 000000000..d9ba5fa27 +') diff --git a/ganesha.te b/ganesha.te new file mode 100644 -index 000000000..591cb272b +index 0000000000..591cb272b7 --- /dev/null +++ b/ganesha.te @@ -0,0 +1,114 @@ @@ -32689,7 +32689,7 @@ index 000000000..591cb272b + fs_getattr_fusefs(ganesha_t) +') diff --git a/gatekeeper.te b/gatekeeper.te -index 28203689c..88c98f481 100644 +index 28203689c8..88c98f4818 100644 --- a/gatekeeper.te +++ b/gatekeeper.te @@ -57,7 +57,6 @@ kernel_read_kernel_sysctls(gatekeeper_t) @@ -32717,7 +32717,7 @@ index 28203689c..88c98f481 100644 userdom_dontaudit_use_unpriv_user_fds(gatekeeper_t) diff --git a/gdomap.te b/gdomap.te -index db7b56c2d..3c2357965 100644 +index db7b56c2d3..3c23579653 100644 --- a/gdomap.te +++ b/gdomap.te @@ -32,6 +32,7 @@ files_pid_filetrans(gdomap_t, gdomap_var_run_t, file, "gdomap.pid") @@ -32730,7 +32730,7 @@ index db7b56c2d..3c2357965 100644 corenet_udp_bind_gdomap_port(gdomap_t) diff --git a/gear.fc b/gear.fc new file mode 100644 -index 000000000..4d7dc9991 +index 0000000000..4d7dc99912 --- /dev/null +++ b/gear.fc @@ -0,0 +1,6 @@ @@ -32742,7 +32742,7 @@ index 000000000..4d7dc9991 +/var/lib/gear(/.*)? gen_context(system_u:object_r:gear_var_lib_t,s0) diff --git a/gear.if b/gear.if new file mode 100644 -index 000000000..2c08004bf +index 0000000000..2c08004bfe --- /dev/null +++ b/gear.if @@ -0,0 +1,288 @@ @@ -33036,7 +33036,7 @@ index 000000000..2c08004bf +') diff --git a/gear.te b/gear.te new file mode 100644 -index 000000000..33dbdf7ec +index 0000000000..33dbdf7ece --- /dev/null +++ b/gear.te @@ -0,0 +1,136 @@ @@ -33178,7 +33178,7 @@ index 000000000..33dbdf7ec +') diff --git a/geoclue.fc b/geoclue.fc new file mode 100644 -index 000000000..a97f14fd9 +index 0000000000..a97f14fd90 --- /dev/null +++ b/geoclue.fc @@ -0,0 +1,4 @@ @@ -33188,7 +33188,7 @@ index 000000000..a97f14fd9 +/var/lib/geoclue(/.*)? gen_context(system_u:object_r:geoclue_var_lib_t,s0) diff --git a/geoclue.if b/geoclue.if new file mode 100644 -index 000000000..cf9f7bfca +index 0000000000..cf9f7bfca9 --- /dev/null +++ b/geoclue.if @@ -0,0 +1,153 @@ @@ -33347,7 +33347,7 @@ index 000000000..cf9f7bfca +') diff --git a/geoclue.te b/geoclue.te new file mode 100644 -index 000000000..efd838f74 +index 0000000000..efd838f74d --- /dev/null +++ b/geoclue.te @@ -0,0 +1,71 @@ @@ -33423,7 +33423,7 @@ index 000000000..efd838f74 + pcscd_stream_connect(geoclue_t) +') diff --git a/gift.te b/gift.te -index 8a820face..996b30c16 100644 +index 8a820face3..996b30c161 100644 --- a/gift.te +++ b/gift.te @@ -67,17 +67,7 @@ auth_use_nsswitch(gift_t) @@ -33471,7 +33471,7 @@ index 8a820face..996b30c16 100644 +userdom_use_inherited_user_terminals(giftd_t) +userdom_home_manager(gitd_t) diff --git a/git.fc b/git.fc -index 24700f84b..6561d568e 100644 +index 24700f84ba..6561d568ed 100644 --- a/git.fc +++ b/git.fc @@ -2,12 +2,12 @@ HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_user_content_t,s0) @@ -33494,7 +33494,7 @@ index 24700f84b..6561d568e 100644 +/var/www/git/gitweb\.cgi -- gen_context(system_u:object_r:git_script_exec_t,s0) +/var/www/gitweb-caching/gitweb\.cgi -- gen_context(system_u:object_r:git_script_exec_t,s0) diff --git a/git.if b/git.if -index 1e29af196..6c64f55c3 100644 +index 1e29af1968..6c64f55c36 100644 --- a/git.if +++ b/git.if @@ -37,7 +37,10 @@ template(`git_role',` @@ -33540,7 +33540,7 @@ index 1e29af196..6c64f55c3 100644 + userdom_user_home_dir_filetrans($1, git_user_content_t, dir, "public_git") +') diff --git a/git.te b/git.te -index dc49c715e..43f79d6de 100644 +index dc49c715ed..43f79d6de9 100644 --- a/git.te +++ b/git.te @@ -47,14 +47,6 @@ gen_tunable(git_session_bind_all_unreserved_ports, false) @@ -33717,7 +33717,7 @@ index dc49c715e..43f79d6de 100644 -miscfiles_read_localization(git_daemon) diff --git a/gitosis.te b/gitosis.te -index 582db0a2e..d77a1a549 100644 +index 582db0a2e4..d77a1a5492 100644 --- a/gitosis.te +++ b/gitosis.te @@ -52,12 +52,8 @@ corecmd_exec_shell(gitosis_t) @@ -33734,7 +33734,7 @@ index 582db0a2e..d77a1a549 100644 tunable_policy(`gitosis_can_sendmail',` diff --git a/glance.fc b/glance.fc -index c21a528b5..a746a2b16 100644 +index c21a528b58..a746a2b16e 100644 --- a/glance.fc +++ b/glance.fc @@ -1,8 +1,14 @@ @@ -33754,7 +33754,7 @@ index c21a528b5..a746a2b16 100644 /var/lib/glance(/.*)? gen_context(system_u:object_r:glance_var_lib_t,s0) diff --git a/glance.if b/glance.if -index 9eacb2c9c..7b19ad2db 100644 +index 9eacb2c9c5..7b19ad2db2 100644 --- a/glance.if +++ b/glance.if @@ -1,5 +1,38 @@ @@ -33825,7 +33825,7 @@ index 9eacb2c9c..7b19ad2db 100644 init_labeled_script_domtrans($1, { glance_api_initrc_exec_t glance_registry_initrc_exec_t }) domain_system_change_exemption($1) diff --git a/glance.te b/glance.te -index 5cd09096a..bd3c3d21b 100644 +index 5cd09096a8..bd3c3d21be 100644 --- a/glance.te +++ b/glance.te @@ -5,10 +5,31 @@ policy_module(glance, 1.1.0) @@ -34006,7 +34006,7 @@ index 5cd09096a..bd3c3d21b 100644 +corenet_tcp_connect_glance_registry_port(glance_scrubber_t) diff --git a/glusterd.fc b/glusterd.fc new file mode 100644 -index 000000000..9806f50ae +index 0000000000..9806f50ae1 --- /dev/null +++ b/glusterd.fc @@ -0,0 +1,25 @@ @@ -34037,7 +34037,7 @@ index 000000000..9806f50ae +/var/run/glusterd.* -s gen_context(system_u:object_r:glusterd_var_run_t,s0) diff --git a/glusterd.if b/glusterd.if new file mode 100644 -index 000000000..450146018 +index 0000000000..4501460189 --- /dev/null +++ b/glusterd.if @@ -0,0 +1,302 @@ @@ -34345,7 +34345,7 @@ index 000000000..450146018 + diff --git a/glusterd.te b/glusterd.te new file mode 100644 -index 000000000..382d67a99 +index 0000000000..382d67a996 --- /dev/null +++ b/glusterd.te @@ -0,0 +1,333 @@ @@ -34684,7 +34684,7 @@ index 000000000..382d67a99 +') diff --git a/glusterfs.fc b/glusterfs.fc deleted file mode 100644 -index 4bd6ade46..000000000 +index 4bd6ade465..0000000000 --- a/glusterfs.fc +++ /dev/null @@ -1,16 +0,0 @@ @@ -34706,7 +34706,7 @@ index 4bd6ade46..000000000 -/var/run/glusterd\.pid -- gen_context(system_u:object_r:glusterd_var_run_t,s0) diff --git a/glusterfs.if b/glusterfs.if deleted file mode 100644 -index 05233c86e..000000000 +index 05233c86ed..0000000000 --- a/glusterfs.if +++ /dev/null @@ -1,71 +0,0 @@ @@ -34783,7 +34783,7 @@ index 05233c86e..000000000 -') diff --git a/glusterfs.te b/glusterfs.te deleted file mode 100644 -index 4e95c7e2f..000000000 +index 4e95c7e2f4..0000000000 --- a/glusterfs.te +++ /dev/null @@ -1,105 +0,0 @@ @@ -34893,7 +34893,7 @@ index 4e95c7e2f..000000000 - -miscfiles_read_localization(glusterd_t) diff --git a/gnome.fc b/gnome.fc -index e39de436a..5edcb8330 100644 +index e39de436a2..5edcb8330a 100644 --- a/gnome.fc +++ b/gnome.fc @@ -1,15 +1,60 @@ @@ -34967,7 +34967,7 @@ index e39de436a..5edcb8330 100644 +/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0) +/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0) diff --git a/gnome.if b/gnome.if -index ab09d6195..898f4262a 100644 +index ab09d61950..898f4262a2 100644 --- a/gnome.if +++ b/gnome.if @@ -1,52 +1,76 @@ @@ -37028,7 +37028,7 @@ index ab09d6195..898f4262a 100644 + type_transition $1 gkeyringd_exec_t:process $2; ') diff --git a/gnome.te b/gnome.te -index 63893eb2d..61dd9e336 100644 +index 63893eb2d0..61dd9e336d 100644 --- a/gnome.te +++ b/gnome.te @@ -5,14 +5,33 @@ policy_module(gnome, 2.3.0) @@ -37341,7 +37341,7 @@ index 63893eb2d..61dd9e336 100644 + +userdom_use_inherited_user_terminals(gnomedomain) diff --git a/gnomeclock.fc b/gnomeclock.fc -index f9ba8cd99..690630113 100644 +index f9ba8cd993..690630113f 100644 --- a/gnomeclock.fc +++ b/gnomeclock.fc @@ -1,7 +1,10 @@ @@ -37358,7 +37358,7 @@ index f9ba8cd99..690630113 100644 /usr/lib/gnome-settings-daemon/gsd-datetime-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0) diff --git a/gnomeclock.if b/gnomeclock.if -index 3f55702fb..25c7ab82c 100644 +index 3f55702fb6..25c7ab82cd 100644 --- a/gnomeclock.if +++ b/gnomeclock.if @@ -2,8 +2,7 @@ @@ -37416,7 +37416,7 @@ index 3f55702fb..25c7ab82c 100644 ## ## diff --git a/gnomeclock.te b/gnomeclock.te -index 7cd7435e6..8f26e9862 100644 +index 7cd7435e65..8f26e9862c 100644 --- a/gnomeclock.te +++ b/gnomeclock.te @@ -5,82 +5,95 @@ policy_module(gnomeclock, 1.1.0) @@ -37545,7 +37545,7 @@ index 7cd7435e6..8f26e9862 100644 policykit_read_lib(gnomeclock_t) policykit_read_reload(gnomeclock_t) diff --git a/gpg.fc b/gpg.fc -index 888cd2c68..c02fa5694 100644 +index 888cd2c68b..c02fa56941 100644 --- a/gpg.fc +++ b/gpg.fc @@ -1,10 +1,14 @@ @@ -37568,7 +37568,7 @@ index 888cd2c68..c02fa5694 100644 -/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0) +/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0) diff --git a/gpg.if b/gpg.if -index 180f1b7cc..60be406a9 100644 +index 180f1b7cc7..60be406a9f 100644 --- a/gpg.if +++ b/gpg.if @@ -2,57 +2,79 @@ @@ -37900,7 +37900,7 @@ index 180f1b7cc..60be406a9 100644 + allow $1 gpg_t:process { noatsecure rlimitinh siginh }; +') diff --git a/gpg.te b/gpg.te -index 0e97e82f1..0e6cf4a07 100644 +index 0e97e82f14..0e6cf4a073 100644 --- a/gpg.te +++ b/gpg.te @@ -4,15 +4,7 @@ policy_module(gpg, 2.8.0) @@ -38409,7 +38409,7 @@ index 0e97e82f1..0e6cf4a07 100644 + miscfiles_manage_public_files(gpg_web_t) ') diff --git a/gpm.te b/gpm.te -index 69734fd15..a659808d0 100644 +index 69734fd157..a659808d09 100644 --- a/gpm.te +++ b/gpm.te @@ -13,7 +13,7 @@ type gpm_initrc_exec_t; @@ -38452,7 +38452,7 @@ index 69734fd15..a659808d0 100644 optional_policy(` seutil_sigchld_newrole(gpm_t) diff --git a/gpsd.if b/gpsd.if -index 92eb56418..8aa8f6698 100644 +index 92eb564186..8aa8f66986 100644 --- a/gpsd.if +++ b/gpsd.if @@ -63,6 +63,7 @@ interface(`gpsd_rw_shm',` @@ -38464,7 +38464,7 @@ index 92eb56418..8aa8f6698 100644 ') diff --git a/gpsd.te b/gpsd.te -index fe3895ece..ce48f6c49 100644 +index fe3895ece7..ce48f6c496 100644 --- a/gpsd.te +++ b/gpsd.te @@ -28,15 +28,17 @@ files_pid_file(gpsd_var_run_t) @@ -38505,7 +38505,7 @@ index fe3895ece..ce48f6c49 100644 chronyd_stream_connect(gpsd_t) diff --git a/gssproxy.fc b/gssproxy.fc new file mode 100644 -index 000000000..f4659d125 +index 0000000000..f4659d1252 --- /dev/null +++ b/gssproxy.fc @@ -0,0 +1,8 @@ @@ -38519,7 +38519,7 @@ index 000000000..f4659d125 +/var/run/gssproxy\.sock -s gen_context(system_u:object_r:gssproxy_var_run_t,s0) diff --git a/gssproxy.if b/gssproxy.if new file mode 100644 -index 000000000..8a2013af9 +index 0000000000..8a2013af9b --- /dev/null +++ b/gssproxy.if @@ -0,0 +1,217 @@ @@ -38742,7 +38742,7 @@ index 000000000..8a2013af9 +') diff --git a/gssproxy.te b/gssproxy.te new file mode 100644 -index 000000000..79e22c58a +index 0000000000..79e22c58a6 --- /dev/null +++ b/gssproxy.te @@ -0,0 +1,74 @@ @@ -38821,7 +38821,7 @@ index 000000000..79e22c58a + kerberos_manage_host_rcache(gssproxy_t) +') diff --git a/guest.if b/guest.if -index ad1653f9a..ff424b8e7 100644 +index ad1653f9ad..ff424b8e7f 100644 --- a/guest.if +++ b/guest.if @@ -1,4 +1,4 @@ @@ -38831,7 +38831,7 @@ index ad1653f9a..ff424b8e7 100644 ######################################## ## diff --git a/guest.te b/guest.te -index 19cdbe1d7..060577633 100644 +index 19cdbe1d74..0605776333 100644 --- a/guest.te +++ b/guest.te @@ -20,4 +20,4 @@ optional_policy(` @@ -38841,7 +38841,7 @@ index 19cdbe1d7..060577633 100644 -#gen_user(guest_u, user, guest_r, s0, s0) +gen_user(guest_u, user, guest_r, s0, s0) diff --git a/hadoop.te b/hadoop.te -index e15137840..04d173d1d 100644 +index e151378405..04d173d1d0 100644 --- a/hadoop.te +++ b/hadoop.te @@ -155,7 +155,6 @@ dev_read_urand(hadoop_t) @@ -38878,7 +38878,7 @@ index e15137840..04d173d1d 100644 fs_getattr_xattr_fs(zookeeper_server_t) diff --git a/hal.te b/hal.te -index bbccc79f1..b02720214 100644 +index bbccc79f16..b02720214b 100644 --- a/hal.te +++ b/hal.te @@ -61,7 +61,6 @@ files_type(hald_var_lib_t) @@ -38916,7 +38916,7 @@ index bbccc79f1..b02720214 100644 logging_search_logs(hald_keymap_t) diff --git a/hddtemp.if b/hddtemp.if -index 1728071d0..6e2d333d9 100644 +index 1728071d0e..6e2d333d9b 100644 --- a/hddtemp.if +++ b/hddtemp.if @@ -19,6 +19,32 @@ interface(`hddtemp_domtrans',` @@ -38968,7 +38968,7 @@ index 1728071d0..6e2d333d9 100644 domain_system_change_exemption($1) role_transition $2 hddtemp_initrc_exec_t system_r; diff --git a/hddtemp.te b/hddtemp.te -index 9e11b9822..6338ea761 100644 +index 9e11b98222..6338ea7611 100644 --- a/hddtemp.te +++ b/hddtemp.te @@ -4,10 +4,12 @@ policy_module(hddtemp, 1.2.0) @@ -39009,7 +39009,7 @@ index 9e11b9822..6338ea761 100644 -miscfiles_read_localization(hddtemp_t) diff --git a/hostapd.fc b/hostapd.fc new file mode 100644 -index 000000000..0ca97b84b +index 0000000000..0ca97b84b1 --- /dev/null +++ b/hostapd.fc @@ -0,0 +1,5 @@ @@ -39021,7 +39021,7 @@ index 000000000..0ca97b84b \ No newline at end of file diff --git a/hostapd.if b/hostapd.if new file mode 100644 -index 000000000..d0016da91 +index 0000000000..d0016da914 --- /dev/null +++ b/hostapd.if @@ -0,0 +1,101 @@ @@ -39128,7 +39128,7 @@ index 000000000..d0016da91 +') diff --git a/hostapd.te b/hostapd.te new file mode 100644 -index 000000000..ef3f6a939 +index 0000000000..ef3f6a9390 --- /dev/null +++ b/hostapd.te @@ -0,0 +1,51 @@ @@ -39184,7 +39184,7 @@ index 000000000..ef3f6a939 + +miscfiles_read_localization(hostapd_t) diff --git a/howl.te b/howl.te -index b9e60ecfb..0477728a0 100644 +index b9e60ecfbd..0477728a06 100644 --- a/howl.te +++ b/howl.te @@ -36,7 +36,6 @@ kernel_request_load_module(howl_t) @@ -39206,7 +39206,7 @@ index b9e60ecfb..0477728a0 100644 diff --git a/hsqldb.fc b/hsqldb.fc new file mode 100644 -index 000000000..aa92d7118 +index 0000000000..aa92d7118e --- /dev/null +++ b/hsqldb.fc @@ -0,0 +1,7 @@ @@ -39219,7 +39219,7 @@ index 000000000..aa92d7118 +/var/lib/hsqldb(/.*)? gen_context(system_u:object_r:hsqldb_var_lib_t,s0) diff --git a/hsqldb.if b/hsqldb.if new file mode 100644 -index 000000000..f43f7489f +index 0000000000..f43f7489f6 --- /dev/null +++ b/hsqldb.if @@ -0,0 +1,241 @@ @@ -39466,7 +39466,7 @@ index 000000000..f43f7489f +') diff --git a/hsqldb.te b/hsqldb.te new file mode 100644 -index 000000000..8035eaf53 +index 0000000000..8035eaf537 --- /dev/null +++ b/hsqldb.te @@ -0,0 +1,61 @@ @@ -39533,7 +39533,7 @@ index 000000000..8035eaf53 +sysnet_read_config(hsqldb_t) diff --git a/hwloc.fc b/hwloc.fc new file mode 100644 -index 000000000..d0c5a1502 +index 0000000000..d0c5a15020 --- /dev/null +++ b/hwloc.fc @@ -0,0 +1,5 @@ @@ -39544,7 +39544,7 @@ index 000000000..d0c5a1502 +/var/run/hwloc(/.*)? gen_context(system_u:object_r:hwloc_var_run_t,s0) diff --git a/hwloc.if b/hwloc.if new file mode 100644 -index 000000000..f98e16612 +index 0000000000..f98e166126 --- /dev/null +++ b/hwloc.if @@ -0,0 +1,110 @@ @@ -39660,7 +39660,7 @@ index 000000000..f98e16612 +') diff --git a/hwloc.te b/hwloc.te new file mode 100644 -index 000000000..0f45fd50e +index 0000000000..0f45fd50e3 --- /dev/null +++ b/hwloc.te @@ -0,0 +1,31 @@ @@ -39696,7 +39696,7 @@ index 000000000..0f45fd50e + +dev_read_sysfs(hwloc_dhwd_t) diff --git a/hypervkvp.fc b/hypervkvp.fc -index b46130ef5..e2ae3b22b 100644 +index b46130ef50..e2ae3b22b8 100644 --- a/hypervkvp.fc +++ b/hypervkvp.fc @@ -1,3 +1,10 @@ @@ -39713,7 +39713,7 @@ index b46130ef5..e2ae3b22b 100644 + +/var/lib/hyperv(/.*)? gen_context(system_u:object_r:hypervkvp_var_lib_t,s0) diff --git a/hypervkvp.if b/hypervkvp.if -index 6517fadbb..f1837481b 100644 +index 6517fadbb3..f1837481b0 100644 --- a/hypervkvp.if +++ b/hypervkvp.if @@ -1,32 +1,135 @@ @@ -39866,7 +39866,7 @@ index 6517fadbb..f1837481b 100644 + allow $1 hypervkvp_unit_file_t:service all_service_perms; ') diff --git a/hypervkvp.te b/hypervkvp.te -index 4eb7041ef..bce3f60a9 100644 +index 4eb7041ef3..bce3f60a92 100644 --- a/hypervkvp.te +++ b/hypervkvp.te @@ -5,24 +5,161 @@ policy_module(hypervkvp, 1.0.0) @@ -40043,7 +40043,7 @@ index 4eb7041ef..bce3f60a9 100644 -sysnet_dns_name_resolve(hypervkvpd_t) +storage_raw_read_fixed_disk(hypervvssd_t) diff --git a/i18n_input.te b/i18n_input.te -index 369a0566b..65fde93d9 100644 +index 369a0566b0..65fde93d9e 100644 --- a/i18n_input.te +++ b/i18n_input.te @@ -45,7 +45,6 @@ can_exec(i18n_input_t, i18n_input_exec_t) @@ -40085,7 +40085,7 @@ index 369a0566b..65fde93d9 100644 optional_policy(` canna_stream_connect(i18n_input_t) diff --git a/icecast.if b/icecast.if -index 580b533ce..c267cea58 100644 +index 580b533ce7..c267cea588 100644 --- a/icecast.if +++ b/icecast.if @@ -176,6 +176,14 @@ interface(`icecast_admin',` @@ -40104,7 +40104,7 @@ index 580b533ce..c267cea58 100644 domain_system_change_exemption($1) role_transition $2 icecast_initrc_exec_t system_r; diff --git a/icecast.te b/icecast.te -index a9e573a50..9a9245f49 100644 +index a9e573a501..9a9245f49a 100644 --- a/icecast.te +++ b/icecast.te @@ -32,7 +32,7 @@ files_pid_file(icecast_var_run_t) @@ -40130,7 +40130,7 @@ index a9e573a50..9a9245f49 100644 tunable_policy(`icecast_use_any_tcp_ports',` corenet_tcp_connect_all_ports(icecast_t) diff --git a/ifplugd.if b/ifplugd.if -index 899989996..96909ae6a 100644 +index 8999899962..96909ae6ae 100644 --- a/ifplugd.if +++ b/ifplugd.if @@ -119,7 +119,7 @@ interface(`ifplugd_admin',` @@ -40143,7 +40143,7 @@ index 899989996..96909ae6a 100644 init_labeled_script_domtrans($1, ifplugd_initrc_exec_t) diff --git a/ifplugd.te b/ifplugd.te -index b0546b43b..98d7326a8 100644 +index b0546b43b1..98d7326a8f 100644 --- a/ifplugd.te +++ b/ifplugd.te @@ -10,7 +10,7 @@ type ifplugd_exec_t; @@ -40171,7 +40171,7 @@ index b0546b43b..98d7326a8 100644 sysnet_domtrans_ifconfig(ifplugd_t) diff --git a/imaze.te b/imaze.te -index 1eb24d8c8..b320d51ae 100644 +index 1eb24d8c89..b320d51ae4 100644 --- a/imaze.te +++ b/imaze.te @@ -45,7 +45,6 @@ kernel_list_proc(imazesrv_t) @@ -40192,7 +40192,7 @@ index 1eb24d8c8..b320d51ae 100644 userdom_dontaudit_search_user_home_dirs(imazesrv_t) diff --git a/inetd.if b/inetd.if -index fbb54e7d8..05c377768 100644 +index fbb54e7d8d..05c3777686 100644 --- a/inetd.if +++ b/inetd.if @@ -37,6 +37,12 @@ interface(`inetd_core_service_domain',` @@ -40209,7 +40209,7 @@ index fbb54e7d8..05c377768 100644 ######################################## diff --git a/inetd.te b/inetd.te -index c6450df8a..0c88e1cf7 100644 +index c6450df8ae..0c88e1cf70 100644 --- a/inetd.te +++ b/inetd.te @@ -37,9 +37,9 @@ ifdef(`enable_mcs',` @@ -40325,7 +40325,7 @@ index c6450df8a..0c88e1cf7 100644 optional_policy(` unconfined_domain(inetd_child_t) diff --git a/inn.fc b/inn.fc -index 8c0a48b1d..b9eabf145 100644 +index 8c0a48b1d1..b9eabf1455 100644 --- a/inn.fc +++ b/inn.fc @@ -3,6 +3,8 @@ @@ -40418,7 +40418,7 @@ index 8c0a48b1d..b9eabf145 100644 /var/run/innd(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0) /var/run/innd\.pid -- gen_context(system_u:object_r:innd_var_run_t,s0) diff --git a/inn.if b/inn.if -index eb87f2341..d3d32c3ad 100644 +index eb87f23416..d3d32c3ad7 100644 --- a/inn.if +++ b/inn.if @@ -124,6 +124,7 @@ interface(`inn_read_config',` @@ -40486,7 +40486,7 @@ index eb87f2341..d3d32c3ad 100644 init_labeled_script_domtrans($1, innd_initrc_exec_t) diff --git a/inn.te b/inn.te -index d39f0cc51..fc0bd082b 100644 +index d39f0cc51e..fc0bd082b3 100644 --- a/inn.te +++ b/inn.te @@ -15,6 +15,9 @@ files_config_file(innd_etc_t) @@ -40574,7 +40574,7 @@ index d39f0cc51..fc0bd082b 100644 mta_send_mail(innd_t) diff --git a/iodine.fc b/iodine.fc -index ca07a8744..6ea129cf6 100644 +index ca07a8744e..6ea129cf63 100644 --- a/iodine.fc +++ b/iodine.fc @@ -1,3 +1,5 @@ @@ -40584,7 +40584,7 @@ index ca07a8744..6ea129cf6 100644 + /usr/sbin/iodined -- gen_context(system_u:object_r:iodined_exec_t,s0) diff --git a/iodine.if b/iodine.if -index a0bfbd04f..8dc7c3e31 100644 +index a0bfbd04f1..8dc7c3e31e 100644 --- a/iodine.if +++ b/iodine.if @@ -1,5 +1,49 @@ @@ -40638,7 +40638,7 @@ index a0bfbd04f..8dc7c3e31 100644 ## ## All of the rules required to diff --git a/iodine.te b/iodine.te -index d443feee4..6cbbf7d84 100644 +index d443feee45..6cbbf7d847 100644 --- a/iodine.te +++ b/iodine.te @@ -12,6 +12,9 @@ init_daemon_domain(iodined_t, iodined_exec_t) @@ -40662,14 +40662,14 @@ index d443feee4..6cbbf7d84 100644 diff --git a/iotop.fc b/iotop.fc new file mode 100644 -index 000000000..c8d2deac2 +index 0000000000..c8d2deac26 --- /dev/null +++ b/iotop.fc @@ -0,0 +1 @@ +/usr/sbin/iotop -- gen_context(system_u:object_r:iotop_exec_t,s0) diff --git a/iotop.if b/iotop.if new file mode 100644 -index 000000000..7fc3464e6 +index 0000000000..7fc3464e60 --- /dev/null +++ b/iotop.if @@ -0,0 +1,46 @@ @@ -40721,7 +40721,7 @@ index 000000000..7fc3464e6 +') diff --git a/iotop.te b/iotop.te new file mode 100644 -index 000000000..61f2003c8 +index 0000000000..61f2003c8e --- /dev/null +++ b/iotop.te @@ -0,0 +1,39 @@ @@ -40766,7 +40766,7 @@ index 000000000..61f2003c8 +userdom_use_user_terminals(iotop_t) diff --git a/ipa.fc b/ipa.fc new file mode 100644 -index 000000000..0fe7ec597 +index 0000000000..0fe7ec5974 --- /dev/null +++ b/ipa.fc @@ -0,0 +1,25 @@ @@ -40797,7 +40797,7 @@ index 000000000..0fe7ec597 + diff --git a/ipa.if b/ipa.if new file mode 100644 -index 000000000..c54d3d492 +index 0000000000..c54d3d4922 --- /dev/null +++ b/ipa.if @@ -0,0 +1,293 @@ @@ -41096,7 +41096,7 @@ index 000000000..c54d3d492 +') diff --git a/ipa.te b/ipa.te new file mode 100644 -index 000000000..2e45bfd1f +index 0000000000..2e45bfd1f2 --- /dev/null +++ b/ipa.te @@ -0,0 +1,222 @@ @@ -41324,7 +41324,7 @@ index 000000000..2e45bfd1f +') diff --git a/ipmievd.fc b/ipmievd.fc new file mode 100644 -index 000000000..0f598ca9f +index 0000000000..0f598ca9fb --- /dev/null +++ b/ipmievd.fc @@ -0,0 +1,9 @@ @@ -41339,7 +41339,7 @@ index 000000000..0f598ca9f +/var/lock/subsys/ipmi -- gen_context(system_u:object_r:ipmievd_lock_t,s0) diff --git a/ipmievd.if b/ipmievd.if new file mode 100644 -index 000000000..e86db5418 +index 0000000000..e86db54188 --- /dev/null +++ b/ipmievd.if @@ -0,0 +1,120 @@ @@ -41465,7 +41465,7 @@ index 000000000..e86db5418 +') diff --git a/ipmievd.te b/ipmievd.te new file mode 100644 -index 000000000..272487e09 +index 0000000000..272487e096 --- /dev/null +++ b/ipmievd.te @@ -0,0 +1,55 @@ @@ -41525,7 +41525,7 @@ index 000000000..272487e09 +modutils_exec_insmod(ipmievd_t) +modutils_read_module_config(ipmievd_t) diff --git a/irc.fc b/irc.fc -index 48e7739f9..1bf0326cd 100644 +index 48e7739f94..1bf0326cdc 100644 --- a/irc.fc +++ b/irc.fc @@ -1,6 +1,6 @@ @@ -41537,7 +41537,7 @@ index 48e7739f9..1bf0326cd 100644 /etc/irssi\.conf -- gen_context(system_u:object_r:irc_conf_t,s0) diff --git a/irc.if b/irc.if -index ac00fb0fb..36ef2e59c 100644 +index ac00fb0fbc..36ef2e59cb 100644 --- a/irc.if +++ b/irc.if @@ -20,6 +20,7 @@ interface(`irc_role',` @@ -41600,7 +41600,7 @@ index ac00fb0fb..36ef2e59c 100644 + userdom_user_home_dir_filetrans($1, irssi_home_t, dir, "irclogs") ') diff --git a/irc.te b/irc.te -index 263650367..5910c5931 100644 +index 2636503679..5910c59315 100644 --- a/irc.te +++ b/irc.te @@ -31,13 +31,35 @@ typealias irc_home_t alias { user_irc_home_t staff_irc_home_t sysadm_irc_home_t @@ -41779,7 +41779,7 @@ index 263650367..5910c5931 100644 seutil_use_newrole_fds(irc_t) ') diff --git a/ircd.if b/ircd.if -index ade980323..3620c9a67 100644 +index ade9803231..3620c9a674 100644 --- a/ircd.if +++ b/ircd.if @@ -33,8 +33,8 @@ interface(`ircd_admin',` @@ -41794,7 +41794,7 @@ index ade980323..3620c9a67 100644 files_search_var_lib($1) diff --git a/ircd.te b/ircd.te -index efaf4b10a..bd1a132ac 100644 +index efaf4b10ad..bd1a132acd 100644 --- a/ircd.te +++ b/ircd.te @@ -52,7 +52,6 @@ kernel_read_kernel_sysctls(ircd_t) @@ -41815,7 +41815,7 @@ index efaf4b10a..bd1a132ac 100644 userdom_dontaudit_search_user_home_dirs(ircd_t) diff --git a/irqbalance.te b/irqbalance.te -index e1f302ddb..1e5418a2e 100644 +index e1f302ddb6..1e5418a2e0 100644 --- a/irqbalance.te +++ b/irqbalance.te @@ -35,7 +35,6 @@ kernel_rw_irq_sysctls(irqbalance_t) @@ -41836,7 +41836,7 @@ index e1f302ddb..1e5418a2e 100644 userdom_dontaudit_search_user_home_dirs(irqbalance_t) diff --git a/iscsi.fc b/iscsi.fc -index 08b756047..417e63004 100644 +index 08b7560479..417e630049 100644 --- a/iscsi.fc +++ b/iscsi.fc @@ -1,19 +1,18 @@ @@ -41864,7 +41864,7 @@ index 08b756047..417e63004 100644 +/usr/lib/systemd/system/((iscsi)|(iscsid)|(iscsiuio))\.service -- gen_context(system_u:object_r:iscsi_unit_file_t,s0) +/usr/lib/systemd/system/((iscsid)|(iscsiuio))\.socket -- gen_context(system_u:object_r:iscsi_unit_file_t,s0) diff --git a/iscsi.if b/iscsi.if -index 1a354203e..77004ecad 100644 +index 1a354203e8..77004ecad1 100644 --- a/iscsi.if +++ b/iscsi.if @@ -17,6 +17,53 @@ interface(`iscsid_domtrans',` @@ -42004,7 +42004,7 @@ index 1a354203e..77004ecad 100644 logging_search_logs($1) admin_pattern($1, iscsi_log_t) diff --git a/iscsi.te b/iscsi.te -index ca020faa9..5b3ff1668 100644 +index ca020faa98..5b3ff1668c 100644 --- a/iscsi.te +++ b/iscsi.te @@ -5,12 +5,15 @@ policy_module(iscsi, 1.9.0) @@ -42124,7 +42124,7 @@ index ca020faa9..5b3ff1668 100644 + kdump_rw_inherited_kdumpctl_tmp_pipes(iscsid_t) +') diff --git a/isns.te b/isns.te -index bc1103493..5a8ae798f 100644 +index bc11034932..5a8ae798fa 100644 --- a/isns.te +++ b/isns.te @@ -26,6 +26,7 @@ files_pid_file(isnsd_var_run_t) @@ -42158,7 +42158,7 @@ index bc1103493..5a8ae798f 100644 - -sysnet_dns_name_resolve(isnsd_t) diff --git a/jabber.fc b/jabber.fc -index 59ad3b3c4..bd02cc87d 100644 +index 59ad3b3c4d..bd02cc87d8 100644 --- a/jabber.fc +++ b/jabber.fc @@ -1,25 +1,18 @@ @@ -42200,7 +42200,7 @@ index 59ad3b3c4..bd02cc87d 100644 + +/var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_spool_t,s0) diff --git a/jabber.if b/jabber.if -index 7eb381121..8075ba5f0 100644 +index 7eb3811219..8075ba5f00 100644 --- a/jabber.if +++ b/jabber.if @@ -1,29 +1,76 @@ @@ -42411,7 +42411,7 @@ index 7eb381121..8075ba5f0 100644 - admin_pattern($1, jabberd_var_run_t) ') diff --git a/jabber.te b/jabber.te -index af67c36ee..4755e0af8 100644 +index af67c36ee9..4755e0af81 100644 --- a/jabber.te +++ b/jabber.te @@ -9,129 +9,137 @@ attribute jabberd_domain; @@ -42629,7 +42629,7 @@ index af67c36ee..4755e0af8 100644 -auth_use_nsswitch(jabberd_router_t) +sysnet_read_config(jabberd_domain) diff --git a/java.te b/java.te -index a7ae1531b..6341e3119 100644 +index a7ae1531b3..6341e31199 100644 --- a/java.te +++ b/java.te @@ -11,7 +11,7 @@ policy_module(java, 2.7.0) @@ -42665,7 +42665,7 @@ index a7ae1531b..6341e3119 100644 libs_legacy_use_shared_libs(java_domain) diff --git a/jetty.fc b/jetty.fc new file mode 100644 -index 000000000..1725b7e69 +index 0000000000..1725b7e692 --- /dev/null +++ b/jetty.fc @@ -0,0 +1,9 @@ @@ -42680,7 +42680,7 @@ index 000000000..1725b7e69 + diff --git a/jetty.if b/jetty.if new file mode 100644 -index 000000000..2abc285a7 +index 0000000000..2abc285a75 --- /dev/null +++ b/jetty.if @@ -0,0 +1,268 @@ @@ -42954,7 +42954,7 @@ index 000000000..2abc285a7 +') diff --git a/jetty.te b/jetty.te new file mode 100644 -index 000000000..af510eac6 +index 0000000000..af510eac64 --- /dev/null +++ b/jetty.te @@ -0,0 +1,25 @@ @@ -42984,7 +42984,7 @@ index 000000000..af510eac6 + +# No local policy. This module just contains type definitions diff --git a/jockey.if b/jockey.if -index 2fb7a20fa..c6ba00798 100644 +index 2fb7a20fad..c6ba007988 100644 --- a/jockey.if +++ b/jockey.if @@ -1 +1,131 @@ @@ -43121,7 +43121,7 @@ index 2fb7a20fa..c6ba00798 100644 + ') +') diff --git a/jockey.te b/jockey.te -index d59ec10a2..a46018d04 100644 +index d59ec10a21..a46018d042 100644 --- a/jockey.te +++ b/jockey.te @@ -15,6 +15,9 @@ files_type(jockey_cache_t) @@ -43170,14 +43170,14 @@ index d59ec10a2..a46018d04 100644 ') diff --git a/journalctl.fc b/journalctl.fc new file mode 100644 -index 000000000..f27065286 +index 0000000000..f270652865 --- /dev/null +++ b/journalctl.fc @@ -0,0 +1 @@ +/usr/bin/journalctl -- gen_context(system_u:object_r:journalctl_exec_t,s0) diff --git a/journalctl.if b/journalctl.if new file mode 100644 -index 000000000..17126b64c +index 0000000000..17126b64c0 --- /dev/null +++ b/journalctl.if @@ -0,0 +1,95 @@ @@ -43278,7 +43278,7 @@ index 000000000..17126b64c +') diff --git a/journalctl.te b/journalctl.te new file mode 100644 -index 000000000..68dd2b7d6 +index 0000000000..68dd2b7d6f --- /dev/null +++ b/journalctl.te @@ -0,0 +1,47 @@ @@ -43331,14 +43331,14 @@ index 000000000..68dd2b7d6 +userdom_rw_inherited_user_home_content_files(journalctl_t) diff --git a/kde.fc b/kde.fc new file mode 100644 -index 000000000..25e4b6817 +index 0000000000..25e4b6817e --- /dev/null +++ b/kde.fc @@ -0,0 +1 @@ +#/usr/libexec/kde(3|4)/backlighthelper -- gen_context(system_u:object_r:kdebacklighthelper_exec_t,s0) diff --git a/kde.if b/kde.if new file mode 100644 -index 000000000..cf6557769 +index 0000000000..cf6557769d --- /dev/null +++ b/kde.if @@ -0,0 +1,22 @@ @@ -43366,7 +43366,7 @@ index 000000000..cf6557769 +') diff --git a/kde.te b/kde.te new file mode 100644 -index 000000000..dbe3f038d +index 0000000000..dbe3f038d5 --- /dev/null +++ b/kde.te @@ -0,0 +1,41 @@ @@ -43412,7 +43412,7 @@ index 000000000..dbe3f038d +') + diff --git a/kdump.fc b/kdump.fc -index a49ae4e91..0c0e987a8 100644 +index a49ae4e918..0c0e987a8b 100644 --- a/kdump.fc +++ b/kdump.fc @@ -1,13 +1,16 @@ @@ -43440,7 +43440,7 @@ index a49ae4e91..0c0e987a8 100644 + +/var/lock/kdump(/.*)? gen_context(system_u:object_r:kdump_lock_t,s0) diff --git a/kdump.if b/kdump.if -index 3a00b3a13..15c709f08 100644 +index 3a00b3a138..15c709f08b 100644 --- a/kdump.if +++ b/kdump.if @@ -1,4 +1,4 @@ @@ -43737,7 +43737,7 @@ index 3a00b3a13..15c709f08 100644 +') + diff --git a/kdump.te b/kdump.te -index 715fc211c..41e1154ae 100644 +index 715fc211cc..41e1154aea 100644 --- a/kdump.te +++ b/kdump.te @@ -12,34 +12,59 @@ init_system_domain(kdump_t, kdump_exec_t) @@ -43928,7 +43928,7 @@ index 715fc211c..41e1154ae 100644 + unconfined_domain(kdumpctl_t) ') diff --git a/kdumpgui.if b/kdumpgui.if -index 182ab8b58..8b1d9c23c 100644 +index 182ab8b585..8b1d9c23cb 100644 --- a/kdumpgui.if +++ b/kdumpgui.if @@ -1 +1,23 @@ @@ -43957,7 +43957,7 @@ index 182ab8b58..8b1d9c23c 100644 +') + diff --git a/kdumpgui.te b/kdumpgui.te -index 2990962b6..abd217f1d 100644 +index 2990962b6a..abd217f1d6 100644 --- a/kdumpgui.te +++ b/kdumpgui.te @@ -5,79 +5,89 @@ policy_module(kdumpgui, 1.2.0) @@ -44082,7 +44082,7 @@ index 2990962b6..abd217f1d 100644 ') diff --git a/keepalived.fc b/keepalived.fc new file mode 100644 -index 000000000..9a19f91f3 +index 0000000000..9a19f91f3a --- /dev/null +++ b/keepalived.fc @@ -0,0 +1,7 @@ @@ -44095,7 +44095,7 @@ index 000000000..9a19f91f3 +/var/run/keepalived.* -- gen_context(system_u:object_r:keepalived_var_run_t,s0) diff --git a/keepalived.if b/keepalived.if new file mode 100644 -index 000000000..bd7e7fa17 +index 0000000000..bd7e7fa17d --- /dev/null +++ b/keepalived.if @@ -0,0 +1,80 @@ @@ -44181,7 +44181,7 @@ index 000000000..bd7e7fa17 +') diff --git a/keepalived.te b/keepalived.te new file mode 100644 -index 000000000..eb1bb07eb +index 0000000000..eb1bb07eb8 --- /dev/null +++ b/keepalived.te @@ -0,0 +1,119 @@ @@ -44305,7 +44305,7 @@ index 000000000..eb1bb07eb + ') +') diff --git a/kerberos.fc b/kerberos.fc -index 4fe75fd63..3504a9bf7 100644 +index 4fe75fd63e..3504a9bf74 100644 --- a/kerberos.fc +++ b/kerberos.fc @@ -1,52 +1,54 @@ @@ -44401,7 +44401,7 @@ index 4fe75fd63..3504a9bf7 100644 +/var/tmp/ldap_487 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0) +/var/tmp/ldap_55 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0) diff --git a/kerberos.if b/kerberos.if -index f6c00d8e6..79ea4d8d2 100644 +index f6c00d8e60..79ea4d8d28 100644 --- a/kerberos.if +++ b/kerberos.if @@ -1,27 +1,29 @@ @@ -45147,7 +45147,7 @@ index f6c00d8e6..79ea4d8d2 100644 + kerberos_tmp_filetrans_host_rcache($1, "ldap_55") ') diff --git a/kerberos.te b/kerberos.te -index 8833d596d..3519d8b7b 100644 +index 8833d596d0..3519d8b7b8 100644 --- a/kerberos.te +++ b/kerberos.te @@ -6,11 +6,11 @@ policy_module(kerberos, 1.12.0) @@ -45528,7 +45528,7 @@ index 8833d596d..3519d8b7b 100644 seutil_read_file_contexts(kpropd_t) diff --git a/kerneloops.if b/kerneloops.if -index 714448f8d..fa0c994e5 100644 +index 714448f8d9..fa0c994e50 100644 --- a/kerneloops.if +++ b/kerneloops.if @@ -101,13 +101,16 @@ interface(`kerneloops_manage_tmp_files',` @@ -45552,7 +45552,7 @@ index 714448f8d..fa0c994e5 100644 domain_system_change_exemption($1) role_transition $2 kerneloops_initrc_exec_t system_r; diff --git a/kerneloops.te b/kerneloops.te -index bcdb29599..f6e3736dd 100644 +index bcdb29599b..f6e3736dd3 100644 --- a/kerneloops.te +++ b/kerneloops.te @@ -31,7 +31,6 @@ kernel_read_ring_buffer(kerneloops_t) @@ -45573,7 +45573,7 @@ index bcdb29599..f6e3736dd 100644 dbus_system_domain(kerneloops_t, kerneloops_exec_t) ') diff --git a/keyboardd.if b/keyboardd.if -index 8982b9106..6134ef258 100644 +index 8982b9106c..6134ef2584 100644 --- a/keyboardd.if +++ b/keyboardd.if @@ -1,19 +1,39 @@ @@ -45625,7 +45625,7 @@ index 8982b9106..6134ef258 100644 + allow $1 keyboardd_t:fifo_file read_fifo_file_perms; ') diff --git a/keyboardd.te b/keyboardd.te -index 628b78b4b..fe656175e 100644 +index 628b78b4b8..fe656175e2 100644 --- a/keyboardd.te +++ b/keyboardd.te @@ -19,6 +19,3 @@ allow keyboardd_t self:unix_stream_socket create_stream_socket_perms; @@ -45636,7 +45636,7 @@ index 628b78b4b..fe656175e 100644 - -miscfiles_read_localization(keyboardd_t) diff --git a/keystone.fc b/keystone.fc -index b273d803c..6b2b50d69 100644 +index b273d803c2..6b2b50d699 100644 --- a/keystone.fc +++ b/keystone.fc @@ -1,7 +1,13 @@ @@ -45654,7 +45654,7 @@ index b273d803c..6b2b50d69 100644 + +/var/run/keystone(/.*)? gen_context(system_u:object_r:keystone_var_run_t,s0) diff --git a/keystone.if b/keystone.if -index e88fb16e0..ec6121a5c 100644 +index e88fb16e06..ec6121a5c8 100644 --- a/keystone.if +++ b/keystone.if @@ -1,42 +1,219 @@ @@ -45893,7 +45893,7 @@ index e88fb16e0..ec6121a5c 100644 + ') ') diff --git a/keystone.te b/keystone.te -index 992964774..c573d0ed5 100644 +index 9929647749..c573d0ed53 100644 --- a/keystone.te +++ b/keystone.te @@ -18,13 +18,20 @@ logging_log_file(keystone_log_t) @@ -45985,7 +45985,7 @@ index 992964774..c573d0ed5 100644 + corenet_tcp_sendrecv_commplex_main_port(keystone_cgi_script_t) ') diff --git a/kismet.if b/kismet.if -index aa2a3379b..7ff229f32 100644 +index aa2a3379be..7ff229f325 100644 --- a/kismet.if +++ b/kismet.if @@ -283,7 +283,7 @@ interface(`kismet_manage_log',` @@ -46011,7 +46011,7 @@ index aa2a3379b..7ff229f32 100644 files_search_var_lib($1) admin_pattern($1, kismet_var_lib_t) diff --git a/kismet.te b/kismet.te -index 8ad0d4d50..01e503790 100644 +index 8ad0d4d507..01e5037909 100644 --- a/kismet.te +++ b/kismet.te @@ -38,7 +38,7 @@ files_pid_file(kismet_var_run_t) @@ -46059,7 +46059,7 @@ index 8ad0d4d50..01e503790 100644 dbus_system_bus_client(kismet_t) diff --git a/kmscon.fc b/kmscon.fc new file mode 100644 -index 000000000..ccd29c079 +index 0000000000..ccd29c0791 --- /dev/null +++ b/kmscon.fc @@ -0,0 +1,3 @@ @@ -46068,7 +46068,7 @@ index 000000000..ccd29c079 +/etc/kmscon(/.*)? gen_context(system_u:object_r:kmscon_conf_t,s0) diff --git a/kmscon.if b/kmscon.if new file mode 100644 -index 000000000..b9347faa9 +index 0000000000..b9347faa95 --- /dev/null +++ b/kmscon.if @@ -0,0 +1,25 @@ @@ -46099,7 +46099,7 @@ index 000000000..b9347faa9 +') diff --git a/kmscon.te b/kmscon.te new file mode 100644 -index 000000000..32a9e1356 +index 0000000000..32a9e13562 --- /dev/null +++ b/kmscon.te @@ -0,0 +1,88 @@ @@ -46193,7 +46193,7 @@ index 000000000..32a9e1356 +') diff --git a/kpatch.fc b/kpatch.fc new file mode 100644 -index 000000000..43aaa8a78 +index 0000000000..43aaa8a789 --- /dev/null +++ b/kpatch.fc @@ -0,0 +1,3 @@ @@ -46202,7 +46202,7 @@ index 000000000..43aaa8a78 +/var/lib/kpatch(/.*)? gen_context(system_u:object_r:kpatch_var_lib_t,s0) diff --git a/kpatch.if b/kpatch.if new file mode 100644 -index 000000000..7ca0e4c87 +index 0000000000..7ca0e4c87a --- /dev/null +++ b/kpatch.if @@ -0,0 +1,75 @@ @@ -46283,7 +46283,7 @@ index 000000000..7ca0e4c87 +') diff --git a/kpatch.te b/kpatch.te new file mode 100644 -index 000000000..920984927 +index 0000000000..9209849272 --- /dev/null +++ b/kpatch.te @@ -0,0 +1,40 @@ @@ -46328,7 +46328,7 @@ index 000000000..920984927 +') + diff --git a/ksmtuned.fc b/ksmtuned.fc -index e736c450c..4b1e1e453 100644 +index e736c450c0..4b1e1e4536 100644 --- a/ksmtuned.fc +++ b/ksmtuned.fc @@ -1,5 +1,7 @@ @@ -46340,7 +46340,7 @@ index e736c450c..4b1e1e453 100644 /var/log/ksmtuned.* gen_context(system_u:object_r:ksmtuned_log_t,s0) diff --git a/ksmtuned.if b/ksmtuned.if -index 93a64bc50..af6d741d6 100644 +index 93a64bc506..af6d741d6b 100644 --- a/ksmtuned.if +++ b/ksmtuned.if @@ -38,6 +38,30 @@ interface(`ksmtuned_initrc_domtrans',` @@ -46417,7 +46417,7 @@ index 93a64bc50..af6d741d6 100644 + allow $1 ksmtuned_unit_file_t:service all_service_perms; ') diff --git a/ksmtuned.te b/ksmtuned.te -index 8eef134ac..9636a5343 100644 +index 8eef134acd..9636a5343c 100644 --- a/ksmtuned.te +++ b/ksmtuned.te @@ -5,10 +5,27 @@ policy_module(ksmtuned, 1.1.1) @@ -46474,7 +46474,7 @@ index 8eef134ac..9636a5343 100644 + samba_read_share_files(ksmtuned_t) +') diff --git a/ktalk.fc b/ktalk.fc -index 38ecb07d1..451067ebd 100644 +index 38ecb07d15..451067ebdf 100644 --- a/ktalk.fc +++ b/ktalk.fc @@ -1,3 +1,5 @@ @@ -46484,7 +46484,7 @@ index 38ecb07d1..451067ebd 100644 /usr/sbin/in\.talkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0) diff --git a/ktalk.if b/ktalk.if -index 19777b806..cd721fd6b 100644 +index 19777b8062..cd721fd6b6 100644 --- a/ktalk.if +++ b/ktalk.if @@ -1 +1,77 @@ @@ -46567,7 +46567,7 @@ index 19777b806..cd721fd6b 100644 + ') +') diff --git a/ktalk.te b/ktalk.te -index c5548c5ed..1356fcbd2 100644 +index c5548c5edc..1356fcbd27 100644 --- a/ktalk.te +++ b/ktalk.te @@ -13,6 +13,9 @@ inetd_udp_service_domain(ktalkd_t, ktalkd_exec_t) @@ -46599,7 +46599,7 @@ index c5548c5ed..1356fcbd2 100644 +userdom_use_user_ttys(ktalkd_t) diff --git a/kubernetes.fc b/kubernetes.fc new file mode 100644 -index 000000000..6ab641c51 +index 0000000000..6ab641c51e --- /dev/null +++ b/kubernetes.fc @@ -0,0 +1,13 @@ @@ -46618,7 +46618,7 @@ index 000000000..6ab641c51 + diff --git a/kubernetes.if b/kubernetes.if new file mode 100644 -index 000000000..b2841e526 +index 0000000000..b2841e526f --- /dev/null +++ b/kubernetes.if @@ -0,0 +1,87 @@ @@ -46711,7 +46711,7 @@ index 000000000..b2841e526 +') diff --git a/kubernetes.te b/kubernetes.te new file mode 100644 -index 000000000..b625b5343 +index 0000000000..b625b5343a --- /dev/null +++ b/kubernetes.te @@ -0,0 +1,76 @@ @@ -46792,7 +46792,7 @@ index 000000000..b625b5343 + +allow kube_proxy_t self:capability net_admin; diff --git a/kudzu.if b/kudzu.if -index 52970645f..6ba810834 100644 +index 52970645ff..6ba8108342 100644 --- a/kudzu.if +++ b/kudzu.if @@ -86,9 +86,13 @@ interface(`kudzu_admin',` @@ -46811,7 +46811,7 @@ index 52970645f..6ba810834 100644 domain_system_change_exemption($1) role_transition $2 kudzu_initrc_exec_t system_r; diff --git a/kudzu.te b/kudzu.te -index 16640364b..ee7a9a1d5 100644 +index 16640364be..ee7a9a1d55 100644 --- a/kudzu.te +++ b/kudzu.te @@ -26,7 +26,7 @@ files_pid_file(kudzu_var_run_t) @@ -46873,7 +46873,7 @@ index 16640364b..ee7a9a1d5 100644 - unconfined_domtrans(kudzu_t) -') diff --git a/l2tp.fc b/l2tp.fc -index d5d1572b1..ddc6ef210 100644 +index d5d1572b1c..ddc6ef210e 100644 --- a/l2tp.fc +++ b/l2tp.fc @@ -5,7 +5,9 @@ @@ -46887,7 +46887,7 @@ index d5d1572b1..ddc6ef210 100644 /var/run/.*l2tpd\.pid -- gen_context(system_u:object_r:l2tpd_var_run_t,s0) +/var/run/*.xl2tpd.* -- gen_context(system_u:object_r:l2tpd_var_run_t,s0) diff --git a/l2tp.if b/l2tp.if -index 73e2803ee..34ca3aa22 100644 +index 73e2803eef..34ca3aa22b 100644 --- a/l2tp.if +++ b/l2tp.if @@ -1,9 +1,45 @@ @@ -47116,7 +47116,7 @@ index 73e2803ee..34ca3aa22 100644 role_transition $2 l2tpd_initrc_exec_t system_r; allow $2 system_r; diff --git a/l2tp.te b/l2tp.te -index bb06a7fee..01e784bf5 100644 +index bb06a7fee9..01e784bf59 100644 --- a/l2tp.te +++ b/l2tp.te @@ -27,7 +27,7 @@ files_pid_file(l2tpd_var_run_t) @@ -47185,7 +47185,7 @@ index bb06a7fee..01e784bf5 100644 ppp_domtrans(l2tpd_t) ppp_signal(l2tpd_t) diff --git a/ldap.fc b/ldap.fc -index b7e567916..c93db3316 100644 +index b7e5679167..c93db3316a 100644 --- a/ldap.fc +++ b/ldap.fc @@ -1,8 +1,11 @@ @@ -47216,7 +47216,7 @@ index b7e567916..c93db3316 100644 +/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0) +/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0) diff --git a/ldap.if b/ldap.if -index 3602712d0..af83a5b6b 100644 +index 3602712d06..af83a5b6b9 100644 --- a/ldap.if +++ b/ldap.if @@ -1,8 +1,69 @@ @@ -47462,7 +47462,7 @@ index 3602712d0..af83a5b6b 100644 + allow $1 slapd_unit_file_t:service all_service_perms; ') diff --git a/ldap.te b/ldap.te -index 4c2b1110e..1c922b340 100644 +index 4c2b1110ed..1c922b3402 100644 --- a/ldap.te +++ b/ldap.te @@ -21,6 +21,9 @@ files_config_file(slapd_etc_t) @@ -47561,7 +47561,7 @@ index 4c2b1110e..1c922b340 100644 ') diff --git a/lightsquid.fc b/lightsquid.fc -index 044390c6e..63e205863 100644 +index 044390c6e2..63e205863c 100644 --- a/lightsquid.fc +++ b/lightsquid.fc @@ -1,11 +1,11 @@ @@ -47582,7 +47582,7 @@ index 044390c6e..63e205863 100644 +/var/www/html/lightsquid(/.*)? gen_context(system_u:object_r:lightsquid_content_t,s0) +/var/www/html/lightsquid/report(/.*)? gen_context(system_u:object_r:lightsquid_report_content_t,s0) diff --git a/lightsquid.if b/lightsquid.if -index 33a28b9ad..33ffe2484 100644 +index 33a28b9ad6..33ffe2484b 100644 --- a/lightsquid.if +++ b/lightsquid.if @@ -76,5 +76,7 @@ interface(`lightsquid_admin',` @@ -47595,7 +47595,7 @@ index 33a28b9ad..33ffe2484 100644 + ') ') diff --git a/lightsquid.te b/lightsquid.te -index 09c4f27ba..6c7855e4e 100644 +index 09c4f27bad..6c7855e4e1 100644 --- a/lightsquid.te +++ b/lightsquid.te @@ -13,38 +13,34 @@ type lightsquid_exec_t; @@ -47648,7 +47648,7 @@ index 09c4f27ba..6c7855e4e 100644 optional_policy(` diff --git a/likewise.if b/likewise.if -index bd20e8cc9..3393a01e6 100644 +index bd20e8cc92..3393a01e61 100644 --- a/likewise.if +++ b/likewise.if @@ -1,9 +1,22 @@ @@ -47790,7 +47790,7 @@ index bd20e8cc9..3393a01e6 100644 - admin_pattern($1, { lwregd_var_run_t netlogond_var_run_t srvsvcd_var_run_t }) -') diff --git a/likewise.te b/likewise.te -index d8c2442a8..f5dff3173 100644 +index d8c2442a80..f5dff31732 100644 --- a/likewise.te +++ b/likewise.te @@ -26,7 +26,7 @@ type likewise_var_lib_t; @@ -47868,7 +47868,7 @@ index d8c2442a8..f5dff3173 100644 corenet_tcp_sendrecv_generic_node(srvsvcd_t) diff --git a/linuxptp.fc b/linuxptp.fc new file mode 100644 -index 000000000..d2061a9e4 +index 0000000000..d2061a9e4c --- /dev/null +++ b/linuxptp.fc @@ -0,0 +1,11 @@ @@ -47885,7 +47885,7 @@ index 000000000..d2061a9e4 +/var/run/timemaster(/.*)? gen_context(system_u:object_r:timemaster_var_run_t,s0) diff --git a/linuxptp.if b/linuxptp.if new file mode 100644 -index 000000000..e2c96f4a8 +index 0000000000..e2c96f4a80 --- /dev/null +++ b/linuxptp.if @@ -0,0 +1,142 @@ @@ -48033,7 +48033,7 @@ index 000000000..e2c96f4a8 +') diff --git a/linuxptp.te b/linuxptp.te new file mode 100644 -index 000000000..75611d3e8 +index 0000000000..75611d3e88 --- /dev/null +++ b/linuxptp.te @@ -0,0 +1,188 @@ @@ -48226,7 +48226,7 @@ index 000000000..75611d3e8 + gpsd_rw_shm(ptp4l_t) +') diff --git a/lircd.if b/lircd.if -index dff21a7c4..b6981c846 100644 +index dff21a7c44..b6981c8465 100644 --- a/lircd.if +++ b/lircd.if @@ -81,8 +81,11 @@ interface(`lircd_admin',` @@ -48243,7 +48243,7 @@ index dff21a7c4..b6981c846 100644 init_labeled_script_domtrans($1, lircd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/lircd.te b/lircd.te -index 483c87bb6..f9d2e10b1 100644 +index 483c87bb64..f9d2e10b1d 100644 --- a/lircd.te +++ b/lircd.te @@ -13,7 +13,7 @@ type lircd_initrc_exec_t; @@ -48299,7 +48299,7 @@ index 483c87bb6..f9d2e10b1 100644 + sssd_read_public_files(lircd_t) +') diff --git a/livecd.if b/livecd.if -index e3541811a..fc614bac2 100644 +index e3541811ac..fc614bac2b 100644 --- a/livecd.if +++ b/livecd.if @@ -38,11 +38,36 @@ interface(`livecd_domtrans',` @@ -48340,7 +48340,7 @@ index e3541811a..fc614bac2 100644 ######################################## diff --git a/livecd.te b/livecd.te -index 2f974bf83..f6e97faaf 100644 +index 2f974bf839..f6e97faaf2 100644 --- a/livecd.te +++ b/livecd.te @@ -21,9 +21,11 @@ files_tmp_file(livecd_tmp_t) @@ -48374,7 +48374,7 @@ index 2f974bf83..f6e97faaf 100644 optional_policy(` diff --git a/lldpad.fc b/lldpad.fc -index 8031a78eb..72e56acc3 100644 +index 8031a78eb8..72e56acc3a 100644 --- a/lldpad.fc +++ b/lldpad.fc @@ -5,3 +5,5 @@ @@ -48384,7 +48384,7 @@ index 8031a78eb..72e56acc3 100644 + +/dev/shm/lldpad.* -- gen_context(system_u:object_r:lldpad_tmpfs_t,s0) diff --git a/lldpad.if b/lldpad.if -index d18c96023..fb5b67416 100644 +index d18c96023c..fb5b67416b 100644 --- a/lldpad.if +++ b/lldpad.if @@ -1,5 +1,24 @@ @@ -48428,7 +48428,7 @@ index d18c96023..fb5b67416 100644 domain_system_change_exemption($1) role_transition $2 lldpad_initrc_exec_t system_r; diff --git a/lldpad.te b/lldpad.te -index 2a491d96c..d909b408c 100644 +index 2a491d96c1..d909b408c3 100644 --- a/lldpad.te +++ b/lldpad.te @@ -26,7 +26,7 @@ files_pid_file(lldpad_var_run_t) @@ -48472,7 +48472,7 @@ index 2a491d96c..d909b408c 100644 + virt_dgram_send(lldpad_t) +') diff --git a/loadkeys.te b/loadkeys.te -index d2f464375..ecbfa88ff 100644 +index d2f4643757..ecbfa88ffa 100644 --- a/loadkeys.te +++ b/loadkeys.te @@ -25,20 +25,19 @@ kernel_read_system_state(loadkeys_t) @@ -48509,7 +48509,7 @@ index d2f464375..ecbfa88ff 100644 + sssd_stream_connect(loadkeys_t) +') diff --git a/lockdev.if b/lockdev.if -index 4313b8bc0..cd1435cdf 100644 +index 4313b8bc0b..cd1435cdf2 100644 --- a/lockdev.if +++ b/lockdev.if @@ -1,5 +1,25 @@ @@ -48539,7 +48539,7 @@ index 4313b8bc0..cd1435cdf 100644 ## ## Role access for lockdev. diff --git a/lockdev.te b/lockdev.te -index 61db5a0a7..9d5d25524 100644 +index 61db5a0a70..9d5d255241 100644 --- a/lockdev.te +++ b/lockdev.te @@ -36,4 +36,5 @@ fs_getattr_xattr_fs(lockdev_t) @@ -48550,7 +48550,7 @@ index 61db5a0a7..9d5d25524 100644 +userdom_use_inherited_user_terminals(lockdev_t) + diff --git a/logrotate.fc b/logrotate.fc -index a11d5be99..dc14626a9 100644 +index a11d5be993..dc14626a90 100644 --- a/logrotate.fc +++ b/logrotate.fc @@ -1,6 +1,7 @@ @@ -48564,7 +48564,7 @@ index a11d5be99..dc14626a9 100644 +/var/lib/logrotate\.status.* -- gen_context(system_u:object_r:logrotate_var_lib_t,s0) + diff --git a/logrotate.if b/logrotate.if -index dd8e01af3..9cd6b0b8e 100644 +index dd8e01af35..9cd6b0b8e1 100644 --- a/logrotate.if +++ b/logrotate.if @@ -1,4 +1,4 @@ @@ -48619,7 +48619,7 @@ index dd8e01af3..9cd6b0b8e 100644 ## ## diff --git a/logrotate.te b/logrotate.te -index be0ab84b3..a283ea42c 100644 +index be0ab84b35..a283ea42cf 100644 --- a/logrotate.te +++ b/logrotate.te @@ -5,16 +5,33 @@ policy_module(logrotate, 1.15.0) @@ -48970,7 +48970,7 @@ index be0ab84b3..a283ea42c 100644 logging_read_all_logs(logrotate_mail_t) +manage_files_pattern(logrotate_mail_t, logrotate_tmp_t, logrotate_tmp_t) diff --git a/logwatch.if b/logwatch.if -index 06c3d36ca..37e71b3d7 100644 +index 06c3d36caa..37e71b3d7d 100644 --- a/logwatch.if +++ b/logwatch.if @@ -37,3 +37,42 @@ interface(`logwatch_search_cache_dir',` @@ -49017,7 +49017,7 @@ index 06c3d36ca..37e71b3d7 100644 + manage_dirs_pattern($1, logwatch_cache_t, logwatch_cache_t) +') diff --git a/logwatch.te b/logwatch.te -index ab650340c..6d6816bb6 100644 +index ab650340c1..6d6816bb67 100644 --- a/logwatch.te +++ b/logwatch.te @@ -15,7 +15,8 @@ gen_tunable(logwatch_can_network_connect_mail, false) @@ -49128,7 +49128,7 @@ index ab650340c..6d6816bb6 100644 + qmail_domtrans_queue(logwatch_mail_t) +') diff --git a/lpd.fc b/lpd.fc -index 2fb9b2ec2..08974e376 100644 +index 2fb9b2ec28..08974e3760 100644 --- a/lpd.fc +++ b/lpd.fc @@ -19,6 +19,7 @@ @@ -49140,7 +49140,7 @@ index 2fb9b2ec2..08974e376 100644 /usr/share/printconf/.* -- gen_context(system_u:object_r:printconf_t,s0) diff --git a/lpd.if b/lpd.if -index 62563717b..ce2acb881 100644 +index 62563717b4..ce2acb8815 100644 --- a/lpd.if +++ b/lpd.if @@ -1,44 +1,49 @@ @@ -49320,7 +49320,7 @@ index 62563717b..ce2acb881 100644 can_exec($1, lpr_exec_t) ') diff --git a/lpd.te b/lpd.te -index 39d31640e..1ec2cd26e 100644 +index 39d31640ed..1ec2cd26eb 100644 --- a/lpd.te +++ b/lpd.te @@ -48,7 +48,7 @@ userdom_user_tmp_file(lpr_tmp_t) @@ -49492,7 +49492,7 @@ index 39d31640e..1ec2cd26e 100644 + mozilla_plugin_dontaudit_rw_tmp_files(lpr_t) ') diff --git a/lsm.fc b/lsm.fc -index c45573053..6e1466794 100644 +index c455730535..6e14667940 100644 --- a/lsm.fc +++ b/lsm.fc @@ -1,3 +1,7 @@ @@ -49504,7 +49504,7 @@ index c45573053..6e1466794 100644 + /var/run/lsm(/.*)? gen_context(system_u:object_r:lsmd_var_run_t,s0) diff --git a/lsm.if b/lsm.if -index d3143334d..27ede090c 100644 +index d3143334dd..27ede090c4 100644 --- a/lsm.if +++ b/lsm.if @@ -1,25 +1,86 @@ @@ -49615,7 +49615,7 @@ index d3143334d..27ede090c 100644 + ') ') diff --git a/lsm.te b/lsm.te -index 4ec0eea30..45a351646 100644 +index 4ec0eea306..45a3516462 100644 --- a/lsm.te +++ b/lsm.te @@ -4,6 +4,13 @@ policy_module(lsm, 1.0.0) @@ -49736,7 +49736,7 @@ index 4ec0eea30..45a351646 100644 +storage_dev_filetrans_named_fixed_disk(lsmd_plugin_t) diff --git a/lttng-tools.fc b/lttng-tools.fc new file mode 100644 -index 000000000..bdd17ca85 +index 0000000000..bdd17ca85b --- /dev/null +++ b/lttng-tools.fc @@ -0,0 +1,5 @@ @@ -49747,7 +49747,7 @@ index 000000000..bdd17ca85 +/var/run/lttng(/.*)? gen_context(system_u:object_r:lttng_sessiond_var_run_t,s0) diff --git a/lttng-tools.if b/lttng-tools.if new file mode 100644 -index 000000000..e86897d29 +index 0000000000..e86897d290 --- /dev/null +++ b/lttng-tools.if @@ -0,0 +1,117 @@ @@ -49870,7 +49870,7 @@ index 000000000..e86897d29 +') diff --git a/lttng-tools.te b/lttng-tools.te new file mode 100644 -index 000000000..1d2ca2224 +index 0000000000..1d2ca22240 --- /dev/null +++ b/lttng-tools.te @@ -0,0 +1,60 @@ @@ -49935,7 +49935,7 @@ index 000000000..1d2ca2224 +modutils_read_module_config(lttng_sessiond_t) +files_read_kernel_modules(lttng_sessiond_t) diff --git a/mailman.fc b/mailman.fc -index 995d0a5d3..3d40d59d2 100644 +index 995d0a5d34..3d40d59d2d 100644 --- a/mailman.fc +++ b/mailman.fc @@ -2,10 +2,12 @@ @@ -49953,7 +49953,7 @@ index 995d0a5d3..3d40d59d2 100644 /var/lock/mailman.* gen_context(system_u:object_r:mailman_lock_t,s0) diff --git a/mailman.if b/mailman.if -index 108c0f1f5..a2485018e 100644 +index 108c0f1f55..a2485018e2 100644 --- a/mailman.if +++ b/mailman.if @@ -1,44 +1,70 @@ @@ -50263,7 +50263,7 @@ index 108c0f1f5..a2485018e 100644 domtrans_pattern($1, mailman_queue_exec_t, mailman_queue_t) ') diff --git a/mailman.te b/mailman.te -index ac81c7fa9..2bbde0b7c 100644 +index ac81c7fa9a..2bbde0b7c7 100644 --- a/mailman.te +++ b/mailman.te @@ -4,6 +4,12 @@ policy_module(mailman, 1.10.0) @@ -50375,7 +50375,7 @@ index ac81c7fa9..2bbde0b7c 100644 + fs_manage_fusefs_symlinks(mailman_domain) +') diff --git a/mailscanner.if b/mailscanner.if -index 214cb4498..bd1d48e4f 100644 +index 214cb44983..bd1d48e4fb 100644 --- a/mailscanner.if +++ b/mailscanner.if @@ -2,29 +2,27 @@ @@ -50456,7 +50456,7 @@ index 214cb4498..bd1d48e4f 100644 + files_list_pids($1) ') diff --git a/mailscanner.te b/mailscanner.te -index 6b6e2e130..3fb3393ba 100644 +index 6b6e2e130b..3fb3393bad 100644 --- a/mailscanner.te +++ b/mailscanner.te @@ -29,11 +29,12 @@ files_pid_file(mscan_var_run_t) @@ -50502,7 +50502,7 @@ index 6b6e2e130..3fb3393ba 100644 spamassassin_read_lib_files(mscan_t) ') diff --git a/man2html.fc b/man2html.fc -index 82f625551..368673237 100644 +index 82f6255512..3686732372 100644 --- a/man2html.fc +++ b/man2html.fc @@ -1,5 +1,5 @@ @@ -50516,7 +50516,7 @@ index 82f625551..368673237 100644 -/var/cache/man2html(/.*)? gen_context(system_u:object_r:httpd_man2html_script_cache_t,s0) +/var/cache/man2html(/.*)? gen_context(system_u:object_r:man2html_rw_content_t,s0) diff --git a/man2html.if b/man2html.if -index 54ec04d3b..53eaf61d6 100644 +index 54ec04d3b4..53eaf61d60 100644 --- a/man2html.if +++ b/man2html.if @@ -1 +1,137 @@ @@ -50658,7 +50658,7 @@ index 54ec04d3b..53eaf61d6 100644 + ') +') diff --git a/man2html.te b/man2html.te -index e08c55d43..24b56e9ee 100644 +index e08c55d433..24b56e9ee7 100644 --- a/man2html.te +++ b/man2html.te @@ -5,22 +5,18 @@ policy_module(man2html, 1.0.0) @@ -50693,7 +50693,7 @@ index e08c55d43..24b56e9ee 100644 + files_var_filetrans(man2html_script_t, man2html_rw_content_t, { dir file }) +') diff --git a/mandb.fc b/mandb.fc -index 8ae78b5bf..b365cddec 100644 +index 8ae78b5bf7..b365cddec1 100644 --- a/mandb.fc +++ b/mandb.fc @@ -1 +1,12 @@ @@ -50710,7 +50710,7 @@ index 8ae78b5bf..b365cddec 100644 + +/root/.manpath -- gen_context(system_u:object_r:mandb_home_t,s0) diff --git a/mandb.if b/mandb.if -index 327f3f726..d6ae4eab6 100644 +index 327f3f7261..d6ae4eab6a 100644 --- a/mandb.if +++ b/mandb.if @@ -1,14 +1,14 @@ @@ -50966,7 +50966,7 @@ index 327f3f726..d6ae4eab6 100644 + ') ') diff --git a/mandb.te b/mandb.te -index e6136fd37..2edabefc3 100644 +index e6136fd372..2edabefc3e 100644 --- a/mandb.te +++ b/mandb.te @@ -10,19 +10,41 @@ roleattribute system_r mandb_roles; @@ -51031,7 +51031,7 @@ index e6136fd37..2edabefc3 100644 ifdef(`distro_debian',` optional_policy(` diff --git a/mcelog.if b/mcelog.if -index f89651e75..c73214d81 100644 +index f89651e753..c73214d811 100644 --- a/mcelog.if +++ b/mcelog.if @@ -19,6 +19,25 @@ interface(`mcelog_domtrans',` @@ -51061,7 +51061,7 @@ index f89651e75..c73214d81 100644 ## ## All of the rules required to diff --git a/mcelog.te b/mcelog.te -index 59b3b3dd6..494c4f3a4 100644 +index 59b3b3dd6f..494c4f3a46 100644 --- a/mcelog.te +++ b/mcelog.te @@ -36,13 +36,6 @@ gen_tunable(mcelog_foreground, false) @@ -51115,7 +51115,7 @@ index 59b3b3dd6..494c4f3a4 100644 cron_system_entry(mcelog_t, mcelog_exec_t) diff --git a/mcollective.fc b/mcollective.fc new file mode 100644 -index 000000000..821bf8822 +index 0000000000..821bf88222 --- /dev/null +++ b/mcollective.fc @@ -0,0 +1,3 @@ @@ -51124,7 +51124,7 @@ index 000000000..821bf8822 +/usr/libexec/mcollective/update_yaml\.rb -- gen_context(system_u:object_r:mcollective_exec_t,s0) diff --git a/mcollective.if b/mcollective.if new file mode 100644 -index 000000000..3f433f1e2 +index 0000000000..3f433f1e2b --- /dev/null +++ b/mcollective.if @@ -0,0 +1,109 @@ @@ -51239,7 +51239,7 @@ index 000000000..3f433f1e2 +') diff --git a/mcollective.te b/mcollective.te new file mode 100644 -index 000000000..8bc27f4c5 +index 0000000000..8bc27f4c5c --- /dev/null +++ b/mcollective.te @@ -0,0 +1,27 @@ @@ -51271,7 +51271,7 @@ index 000000000..8bc27f4c5 +domain_use_interactive_fds(mcollective_t) + diff --git a/mediawiki.fc b/mediawiki.fc -index 99f7c4187..174560318 100644 +index 99f7c41879..1745603189 100644 --- a/mediawiki.fc +++ b/mediawiki.fc @@ -1,8 +1,8 @@ @@ -51290,7 +51290,7 @@ index 99f7c4187..174560318 100644 +/var/www/wiki[0-9]?(/.*)? gen_context(system_u:object_r:mediawiki_rw_content_t,s0) +/var/www/wiki[0-9]?\.php -- gen_context(system_u:object_r:mediawiki_content_t,s0) diff --git a/mediawiki.if b/mediawiki.if -index 9771b4ba3..9b183e62b 100644 +index 9771b4ba34..9b183e62be 100644 --- a/mediawiki.if +++ b/mediawiki.if @@ -1 +1,40 @@ @@ -51336,7 +51336,7 @@ index 9771b4ba3..9b183e62b 100644 + delete_files_pattern($1, mediawiki_tmp_t, mediawiki_tmp_t) +') diff --git a/mediawiki.te b/mediawiki.te -index c528b9fa7..f577a7fa6 100644 +index c528b9fa70..f577a7fa6c 100644 --- a/mediawiki.te +++ b/mediawiki.te @@ -5,13 +5,29 @@ policy_module(mediawiki, 1.0.0) @@ -51373,7 +51373,7 @@ index c528b9fa7..f577a7fa6 100644 + +') diff --git a/memcached.if b/memcached.if -index 1d4eb19b8..650014e0f 100644 +index 1d4eb19b8f..650014e0f2 100644 --- a/memcached.if +++ b/memcached.if @@ -1,4 +1,4 @@ @@ -51510,7 +51510,7 @@ index 1d4eb19b8..650014e0f 100644 admin_pattern($1, memcached_var_run_t) ') diff --git a/memcached.te b/memcached.te -index 29b752160..5000dd91c 100644 +index 29b752160f..5000dd91c7 100644 --- a/memcached.te +++ b/memcached.te @@ -8,6 +8,7 @@ policy_module(memcached, 1.3.1) @@ -51545,7 +51545,7 @@ index 29b752160..5000dd91c 100644 -miscfiles_read_localization(memcached_t) diff --git a/milter.fc b/milter.fc -index 89409ebbc..67e42f6a9 100644 +index 89409ebbc7..67e42f6a9f 100644 --- a/milter.fc +++ b/milter.fc @@ -1,18 +1,29 @@ @@ -51589,7 +51589,7 @@ index 89409ebbc..67e42f6a9 100644 +/var/spool/opendkim(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) +/var/spool/opendmarc(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0) diff --git a/milter.if b/milter.if -index cba62db12..562833a81 100644 +index cba62db12b..562833a816 100644 --- a/milter.if +++ b/milter.if @@ -1,47 +1,43 @@ @@ -51727,7 +51727,7 @@ index cba62db12..562833a81 100644 + delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t) +') diff --git a/milter.te b/milter.te -index 4dc99f464..48e3f3813 100644 +index 4dc99f4645..48e3f38138 100644 --- a/milter.te +++ b/milter.te @@ -5,73 +5,117 @@ policy_module(milter, 1.5.0) @@ -51928,7 +51928,7 @@ index 4dc99f464..48e3f3813 100644 spamassassin_domtrans_client(spamass_milter_t) ') diff --git a/minissdpd.if b/minissdpd.if -index b3301610f..54509375e 100644 +index b3301610f5..54509375eb 100644 --- a/minissdpd.if +++ b/minissdpd.if @@ -39,10 +39,10 @@ interface(`minissdpd_read_config',` @@ -51946,7 +51946,7 @@ index b3301610f..54509375e 100644 init_labeled_script_domtrans($1, minissdpd_initrc_exec_t) diff --git a/mip6d.fc b/mip6d.fc new file mode 100644 -index 000000000..767bbad7b +index 0000000000..767bbad7b2 --- /dev/null +++ b/mip6d.fc @@ -0,0 +1,3 @@ @@ -51955,7 +51955,7 @@ index 000000000..767bbad7b +/usr/sbin/mip6d -- gen_context(system_u:object_r:mip6d_exec_t,s0) diff --git a/mip6d.if b/mip6d.if new file mode 100644 -index 000000000..861b486dc +index 0000000000..861b486dc2 --- /dev/null +++ b/mip6d.if @@ -0,0 +1,80 @@ @@ -52041,7 +52041,7 @@ index 000000000..861b486dc +') diff --git a/mip6d.te b/mip6d.te new file mode 100644 -index 000000000..0f290e9d4 +index 0000000000..0f290e9d45 --- /dev/null +++ b/mip6d.te @@ -0,0 +1,33 @@ @@ -52080,7 +52080,7 @@ index 000000000..0f290e9d4 + diff --git a/mirrormanager.fc b/mirrormanager.fc new file mode 100644 -index 000000000..abd53a4c7 +index 0000000000..abd53a4c78 --- /dev/null +++ b/mirrormanager.fc @@ -0,0 +1,7 @@ @@ -52093,7 +52093,7 @@ index 000000000..abd53a4c7 +/var/run/mirrormanager(/.*)? gen_context(system_u:object_r:mirrormanager_var_run_t,s0) diff --git a/mirrormanager.if b/mirrormanager.if new file mode 100644 -index 000000000..86467cffb +index 0000000000..86467cffba --- /dev/null +++ b/mirrormanager.if @@ -0,0 +1,256 @@ @@ -52355,7 +52355,7 @@ index 000000000..86467cffb +') diff --git a/mirrormanager.te b/mirrormanager.te new file mode 100644 -index 000000000..2e3289ed3 +index 0000000000..2e3289ed3d --- /dev/null +++ b/mirrormanager.te @@ -0,0 +1,46 @@ @@ -52407,7 +52407,7 @@ index 000000000..2e3289ed3 +') diff --git a/mock.fc b/mock.fc new file mode 100644 -index 000000000..394bc4658 +index 0000000000..394bc46584 --- /dev/null +++ b/mock.fc @@ -0,0 +1,7 @@ @@ -52420,7 +52420,7 @@ index 000000000..394bc4658 +/var/cache/mock(/.*)? gen_context(system_u:object_r:mock_cache_t,s0) diff --git a/mock.if b/mock.if new file mode 100644 -index 000000000..f5b98e6de +index 0000000000..f5b98e6de8 --- /dev/null +++ b/mock.if @@ -0,0 +1,311 @@ @@ -52737,7 +52737,7 @@ index 000000000..f5b98e6de +') diff --git a/mock.te b/mock.te new file mode 100644 -index 000000000..f647022cb +index 0000000000..f647022cb9 --- /dev/null +++ b/mock.te @@ -0,0 +1,288 @@ @@ -53030,7 +53030,7 @@ index 000000000..f647022cb + userdom_read_user_home_content_files(mock_build_t) +') diff --git a/modemmanager.fc b/modemmanager.fc -index a83894c6e..481dca3ff 100644 +index a83894c6ec..481dca3ff8 100644 --- a/modemmanager.fc +++ b/modemmanager.fc @@ -1 +1,4 @@ @@ -53039,7 +53039,7 @@ index a83894c6e..481dca3ff 100644 + +/usr/lib/systemd/system/ModemManager.service -- gen_context(system_u:object_r:modemmanager_unit_file_t,s0) diff --git a/modemmanager.if b/modemmanager.if -index b1ac8b5d8..24782b35f 100644 +index b1ac8b5d81..24782b35f6 100644 --- a/modemmanager.if +++ b/modemmanager.if @@ -19,6 +19,31 @@ interface(`modemmanager_domtrans',` @@ -53109,7 +53109,7 @@ index b1ac8b5d8..24782b35f 100644 + ') +') diff --git a/modemmanager.te b/modemmanager.te -index d15eb5b64..c7fd00ea0 100644 +index d15eb5b643..c7fd00ea07 100644 --- a/modemmanager.te +++ b/modemmanager.te @@ -11,6 +11,9 @@ init_daemon_domain(modemmanager_t, modemmanager_exec_t) @@ -53163,7 +53163,7 @@ index d15eb5b64..c7fd00ea0 100644 optional_policy(` diff --git a/mojomojo.fc b/mojomojo.fc -index 7b827ca7f..5ee8a0f2b 100644 +index 7b827ca7fb..5ee8a0f2b0 100644 --- a/mojomojo.fc +++ b/mojomojo.fc @@ -1,5 +1,5 @@ @@ -53176,7 +53176,7 @@ index 7b827ca7f..5ee8a0f2b 100644 -/var/lib/mojomojo(/.*)? gen_context(system_u:object_r:httpd_mojomojo_rw_content_t,s0) +/var/lib/mojomojo(/.*)? gen_context(system_u:object_r:mojomojo_rw_content_t,s0) diff --git a/mojomojo.if b/mojomojo.if -index 73952f4c9..b19a6ee2d 100644 +index 73952f4c9b..b19a6ee2dc 100644 --- a/mojomojo.if +++ b/mojomojo.if @@ -15,7 +15,6 @@ @@ -53188,7 +53188,7 @@ index 73952f4c9..b19a6ee2d 100644 interface(`mojomojo_admin',` refpolicywarn(`$0($*) has been deprecated, use apache_admin() instead.') diff --git a/mojomojo.te b/mojomojo.te -index b94102efd..25d1d33a1 100644 +index b94102efd0..25d1d33a10 100644 --- a/mojomojo.te +++ b/mojomojo.te @@ -5,21 +5,40 @@ policy_module(mojomojo, 1.1.0) @@ -53242,7 +53242,7 @@ index b94102efd..25d1d33a1 100644 +') diff --git a/mon_statd.fc b/mon_statd.fc new file mode 100644 -index 000000000..60c11c060 +index 0000000000..60c11c0608 --- /dev/null +++ b/mon_statd.fc @@ -0,0 +1,7 @@ @@ -53255,7 +53255,7 @@ index 000000000..60c11c060 +/var/run/fstatd.* -- gen_context(system_u:object_r:mon_statd_var_run_t,s0) diff --git a/mon_statd.if b/mon_statd.if new file mode 100644 -index 000000000..1ce3e4428 +index 0000000000..1ce3e44286 --- /dev/null +++ b/mon_statd.if @@ -0,0 +1,39 @@ @@ -53300,7 +53300,7 @@ index 000000000..1ce3e4428 +') diff --git a/mon_statd.te b/mon_statd.te new file mode 100644 -index 000000000..e7220a5a8 +index 0000000000..e7220a5a86 --- /dev/null +++ b/mon_statd.te @@ -0,0 +1,76 @@ @@ -53381,7 +53381,7 @@ index 000000000..e7220a5a8 +logging_send_syslog_msg(mon_procd_t) + diff --git a/mongodb.fc b/mongodb.fc -index 6fcfc31b4..e9e6bc51c 100644 +index 6fcfc31b46..e9e6bc51c0 100644 --- a/mongodb.fc +++ b/mongodb.fc @@ -1,9 +1,19 @@ @@ -53408,7 +53408,7 @@ index 6fcfc31b4..e9e6bc51c 100644 +/var/run/mongo.* gen_context(system_u:object_r:mongod_var_run_t,s0) +/var/run/aeolus/dbomatic\.pid -- gen_context(system_u:object_r:mongod_var_run_t,s0) diff --git a/mongodb.te b/mongodb.te -index 169f236e8..bc47602c8 100644 +index 169f236e87..bc47602c8c 100644 --- a/mongodb.te +++ b/mongodb.te @@ -12,6 +12,9 @@ init_daemon_domain(mongod_t, mongod_exec_t) @@ -53506,7 +53506,7 @@ index 169f236e8..bc47602c8 100644 +') + diff --git a/mono.te b/mono.te -index a6a86439f..c0f6cf503 100644 +index a6a86439fa..c0f6cf503d 100644 --- a/mono.te +++ b/mono.te @@ -28,7 +28,7 @@ allow mono_domain self:process { signal getsched execheap execmem execstack }; @@ -53519,7 +53519,7 @@ index a6a86439f..c0f6cf503 100644 init_dbus_chat_script(mono_t) diff --git a/monop.if b/monop.if -index 8fdaecea2..544075765 100644 +index 8fdaecea21..5440757657 100644 --- a/monop.if +++ b/monop.if @@ -31,7 +31,7 @@ interface(`monop_admin',` @@ -53532,7 +53532,7 @@ index 8fdaecea2..544075765 100644 files_search_pids($1) diff --git a/monop.te b/monop.te -index 5f9376384..8596763e7 100644 +index 5f93763848..8596763e7a 100644 --- a/monop.te +++ b/monop.te @@ -43,7 +43,6 @@ kernel_read_kernel_sysctls(monopd_t) @@ -53561,7 +53561,7 @@ index 5f9376384..8596763e7 100644 userdom_dontaudit_use_unpriv_user_fds(monopd_t) diff --git a/motion.fc b/motion.fc new file mode 100644 -index 000000000..74151069b +index 0000000000..74151069bc --- /dev/null +++ b/motion.fc @@ -0,0 +1,9 @@ @@ -53576,7 +53576,7 @@ index 000000000..74151069b +/var/motion(/.*)? gen_context(system_u:object_r:motion_data_t,s0) diff --git a/motion.if b/motion.if new file mode 100644 -index 000000000..edfd26777 +index 0000000000..edfd267776 --- /dev/null +++ b/motion.if @@ -0,0 +1,198 @@ @@ -53780,7 +53780,7 @@ index 000000000..edfd26777 +') diff --git a/motion.te b/motion.te new file mode 100644 -index 000000000..c7f4eb583 +index 0000000000..c7f4eb5837 --- /dev/null +++ b/motion.te @@ -0,0 +1,65 @@ @@ -53850,7 +53850,7 @@ index 000000000..c7f4eb583 +') + diff --git a/mozilla.fc b/mozilla.fc -index 6ffaba2e4..e863bad61 100644 +index 6ffaba2e43..e863bad61f 100644 --- a/mozilla.fc +++ b/mozilla.fc @@ -1,38 +1,73 @@ @@ -53962,7 +53962,7 @@ index 6ffaba2e4..e863bad61 100644 +/usr/lib/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:mozilla_plugin_config_exec_t,s0) +') diff --git a/mozilla.if b/mozilla.if -index 6194b806b..ded39ae5c 100644 +index 6194b806b2..ded39ae5c2 100644 --- a/mozilla.if +++ b/mozilla.if @@ -1,146 +1,75 @@ @@ -54791,7 +54791,7 @@ index 6194b806b..ded39ae5c 100644 ') + diff --git a/mozilla.te b/mozilla.te -index 11ac8e4fc..e2a8b27f6 100644 +index 11ac8e4fce..e2a8b27f67 100644 --- a/mozilla.te +++ b/mozilla.te @@ -6,17 +6,56 @@ policy_module(mozilla, 2.8.0) @@ -55870,7 +55870,7 @@ index 11ac8e4fc..e2a8b27f6 100644 + corenet_udp_bind_all_unreserved_ports(mozilla_plugin_t) ') diff --git a/mpd.fc b/mpd.fc -index 313ce521c..ae93e07eb 100644 +index 313ce521c7..ae93e07eb0 100644 --- a/mpd.fc +++ b/mpd.fc @@ -1,3 +1,5 @@ @@ -55886,7 +55886,7 @@ index 313ce521c..ae93e07eb 100644 + +/var/run/mpd(/.*)? gen_context(system_u:object_r:mpd_var_run_t,s0) diff --git a/mpd.if b/mpd.if -index 5fa77c7e6..2e01c7d0a 100644 +index 5fa77c7e6f..2e01c7d0a9 100644 --- a/mpd.if +++ b/mpd.if @@ -320,6 +320,25 @@ interface(`mpd_manage_lib_dirs',` @@ -55931,7 +55931,7 @@ index 5fa77c7e6..2e01c7d0a 100644 domain_system_change_exemption($1) role_transition $2 mpd_initrc_exec_t system_r; diff --git a/mpd.te b/mpd.te -index fe7252355..062ad640a 100644 +index fe72523551..062ad640af 100644 --- a/mpd.te +++ b/mpd.te @@ -62,18 +62,25 @@ files_type(mpd_var_lib_t) @@ -56051,7 +56051,7 @@ index fe7252355..062ad640a 100644 udev_read_db(mpd_t) ') diff --git a/mplayer.if b/mplayer.if -index 861d5e974..1c3d5a538 100644 +index 861d5e9746..1c3d5a538f 100644 --- a/mplayer.if +++ b/mplayer.if @@ -161,3 +161,23 @@ interface(`mplayer_home_filetrans_mplayer_home',` @@ -56079,7 +56079,7 @@ index 861d5e974..1c3d5a538 100644 + userdom_user_home_dir_filetrans($1, mplayer_home_t, dir, ".mplayer") +') diff --git a/mplayer.te b/mplayer.te -index 0f03cd937..e3ed3933d 100644 +index 0f03cd9375..e3ed3933de 100644 --- a/mplayer.te +++ b/mplayer.te @@ -11,7 +11,7 @@ policy_module(mplayer, 2.5.0) @@ -56175,7 +56175,7 @@ index 0f03cd937..e3ed3933d 100644 ') diff --git a/mrtg.if b/mrtg.if -index c595094a6..23464583b 100644 +index c595094a64..23464583b5 100644 --- a/mrtg.if +++ b/mrtg.if @@ -1,5 +1,24 @@ @@ -56204,7 +56204,7 @@ index c595094a6..23464583b 100644 ## ## Create and append mrtg log files. diff --git a/mrtg.te b/mrtg.te -index 65a246a52..fa8632064 100644 +index 65a246a520..fa8632064c 100644 --- a/mrtg.te +++ b/mrtg.te @@ -65,7 +65,6 @@ kernel_read_kernel_sysctls(mrtg_t) @@ -56240,7 +56240,7 @@ index 65a246a52..fa8632064 100644 netutils_domtrans_ping(mrtg_t) diff --git a/mta.fc b/mta.fc -index f42896cbf..fce39c1ce 100644 +index f42896cbf9..fce39c1ce6 100644 --- a/mta.fc +++ b/mta.fc @@ -1,34 +1,39 @@ @@ -56302,7 +56302,7 @@ index f42896cbf..fce39c1ce 100644 +/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) +/var/spool/smtpd(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) diff --git a/mta.if b/mta.if -index ed81cac5a..806055cba 100644 +index ed81cac5a1..806055cba9 100644 --- a/mta.if +++ b/mta.if @@ -1,4 +1,4 @@ @@ -57490,7 +57490,7 @@ index ed81cac5a..806055cba 100644 + mta_filetrans_admin_home_content($1) +') diff --git a/mta.te b/mta.te -index ff1d68c6a..630956deb 100644 +index ff1d68c6aa..630956deb3 100644 --- a/mta.te +++ b/mta.te @@ -14,8 +14,6 @@ attribute mailserver_sender; @@ -57956,7 +57956,7 @@ index ff1d68c6a..630956deb 100644 + + diff --git a/munin.fc b/munin.fc -index eb4b72a92..4ea6ce7e2 100644 +index eb4b72a92a..4ea6ce7e29 100644 --- a/munin.fc +++ b/munin.fc @@ -1,77 +1,78 @@ @@ -58085,7 +58085,7 @@ index eb4b72a92..4ea6ce7e2 100644 +/var/www/html/cgi/munin.* gen_context(system_u:object_r:munin_script_exec_t,s0) +/var/www/cgi-bin/munin.* gen_context(system_u:object_r:munin_script_exec_t,s0) diff --git a/munin.if b/munin.if -index b744fe35e..cb0e2af61 100644 +index b744fe35ea..cb0e2af61a 100644 --- a/munin.if +++ b/munin.if @@ -1,12 +1,13 @@ @@ -58298,7 +58298,7 @@ index b744fe35e..cb0e2af61 100644 + admin_pattern($1, munin_content_t) ') diff --git a/munin.te b/munin.te -index b70870816..7d87f0a80 100644 +index b70870816b..7d87f0a806 100644 --- a/munin.te +++ b/munin.te @@ -44,41 +44,40 @@ files_tmpfs_file(services_munin_plugin_tmpfs_t) @@ -58574,7 +58574,7 @@ index b70870816..7d87f0a80 100644 + apache_search_sys_content(munin_t) +') diff --git a/mysql.fc b/mysql.fc -index 06f8666df..3099f74f5 100644 +index 06f8666df6..3099f74f56 100644 --- a/mysql.fc +++ b/mysql.fc @@ -1,27 +1,47 @@ @@ -58641,7 +58641,7 @@ index 06f8666df..3099f74f5 100644 +/var/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) +/var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) diff --git a/mysql.if b/mysql.if -index 687af38bb..5381f1b39 100644 +index 687af38bbd..5381f1b390 100644 --- a/mysql.if +++ b/mysql.if @@ -1,23 +1,4 @@ @@ -59194,7 +59194,7 @@ index 687af38bb..5381f1b39 100644 + mysql_stream_connect($1) ') diff --git a/mysql.te b/mysql.te -index 7584bbe7c..34251389c 100644 +index 7584bbe7cd..34251389c7 100644 --- a/mysql.te +++ b/mysql.te @@ -6,20 +6,15 @@ policy_module(mysql, 1.14.1) @@ -59520,7 +59520,7 @@ index 7584bbe7c..34251389c 100644 +userdom_getattr_user_home_dirs(mysqlmanagerd_t) diff --git a/mythtv.fc b/mythtv.fc new file mode 100644 -index 000000000..d62cf886e +index 0000000000..d62cf886e6 --- /dev/null +++ b/mythtv.fc @@ -0,0 +1,9 @@ @@ -59535,7 +59535,7 @@ index 000000000..d62cf886e +/usr/share/mythtv/mythweather/scripts(/.*)? gen_context(system_u:object_r:mythtv_script_exec_t,s0) diff --git a/mythtv.if b/mythtv.if new file mode 100644 -index 000000000..e2403dd50 +index 0000000000..e2403dd506 --- /dev/null +++ b/mythtv.if @@ -0,0 +1,152 @@ @@ -59693,7 +59693,7 @@ index 000000000..e2403dd50 +') diff --git a/mythtv.te b/mythtv.te new file mode 100644 -index 000000000..0e585e3c5 +index 0000000000..0e585e3c51 --- /dev/null +++ b/mythtv.te @@ -0,0 +1,47 @@ @@ -59746,7 +59746,7 @@ index 000000000..0e585e3c5 +') diff --git a/naemon.fc b/naemon.fc new file mode 100644 -index 000000000..85407d337 +index 0000000000..85407d3376 --- /dev/null +++ b/naemon.fc @@ -0,0 +1,11 @@ @@ -59763,7 +59763,7 @@ index 000000000..85407d337 +/var/run/naemon(/.*)? gen_context(system_u:object_r:naemon_var_run_t,s0) diff --git a/naemon.if b/naemon.if new file mode 100644 -index 000000000..e904df027 +index 0000000000..e904df0273 --- /dev/null +++ b/naemon.if @@ -0,0 +1,305 @@ @@ -60074,7 +60074,7 @@ index 000000000..e904df027 +') diff --git a/naemon.te b/naemon.te new file mode 100644 -index 000000000..79f1250eb +index 0000000000..79f1250ebc --- /dev/null +++ b/naemon.te @@ -0,0 +1,59 @@ @@ -60138,7 +60138,7 @@ index 000000000..79f1250eb + +fs_getattr_xattr_fs(naemon_t) diff --git a/nagios.fc b/nagios.fc -index d78dfc38d..c781b72bb 100644 +index d78dfc38d7..c781b72bba 100644 --- a/nagios.fc +++ b/nagios.fc @@ -1,88 +1,113 @@ @@ -60331,7 +60331,7 @@ index d78dfc38d..c781b72bb 100644 +/usr/lib/icinga/plugins/eventhandlers(/.*) gen_context(system_u:object_r:nagios_eventhandler_plugin_exec_t,s0) + diff --git a/nagios.if b/nagios.if -index 0641e970f..d012e9b04 100644 +index 0641e970ff..d012e9b045 100644 --- a/nagios.if +++ b/nagios.if @@ -1,12 +1,13 @@ @@ -60664,7 +60664,7 @@ index 0641e970f..d012e9b04 100644 + allow $1 nagios_unconfined_plugin_t:process signull; ') diff --git a/nagios.te b/nagios.te -index 7b3e682e6..02b65a000 100644 +index 7b3e682e6f..ad6f9cb62b 100644 --- a/nagios.te +++ b/nagios.te @@ -5,6 +5,33 @@ policy_module(nagios, 1.13.0) @@ -60728,7 +60728,7 @@ index 7b3e682e6..02b65a000 100644 type nrpe_t; type nrpe_exec_t; init_daemon_domain(nrpe_t, nrpe_exec_t) -@@ -63,44 +94,50 @@ files_pid_file(nrpe_var_run_t) +@@ -63,44 +94,52 @@ files_pid_file(nrpe_var_run_t) allow nagios_plugin_domain self:fifo_file rw_fifo_file_perms; @@ -60742,7 +60742,8 @@ index 7b3e682e6..02b65a000 100644 dontaudit nagios_plugin_domain nagios_log_t:file { read write }; -kernel_read_system_state(nagios_plugin_domain) -- ++corecmd_exec_bin(nagios_plugin_domain) + dev_read_urand(nagios_plugin_domain) dev_read_rand(nagios_plugin_domain) +dev_read_sysfs(nagios_plugin_domain) @@ -60793,7 +60794,7 @@ index 7b3e682e6..02b65a000 100644 manage_dirs_pattern(nagios_t, nagios_tmp_t, nagios_tmp_t) manage_files_pattern(nagios_t, nagios_tmp_t, nagios_tmp_t) -@@ -110,11 +147,15 @@ manage_files_pattern(nagios_t, nagios_var_run_t, nagios_var_run_t) +@@ -110,11 +149,15 @@ manage_files_pattern(nagios_t, nagios_var_run_t, nagios_var_run_t) files_pid_filetrans(nagios_t, nagios_var_run_t, file) manage_fifo_files_pattern(nagios_t, nagios_spool_t, nagios_spool_t) @@ -60811,7 +60812,7 @@ index 7b3e682e6..02b65a000 100644 kernel_read_system_state(nagios_t) kernel_read_kernel_sysctls(nagios_t) -@@ -123,7 +164,6 @@ kernel_read_software_raid_state(nagios_t) +@@ -123,7 +166,6 @@ kernel_read_software_raid_state(nagios_t) corecmd_exec_bin(nagios_t) corecmd_exec_shell(nagios_t) @@ -60819,7 +60820,7 @@ index 7b3e682e6..02b65a000 100644 corenet_all_recvfrom_netlabel(nagios_t) corenet_tcp_sendrecv_generic_if(nagios_t) corenet_tcp_sendrecv_generic_node(nagios_t) -@@ -143,18 +183,16 @@ domain_read_all_domains_state(nagios_t) +@@ -143,18 +185,16 @@ domain_read_all_domains_state(nagios_t) files_read_etc_runtime_files(nagios_t) files_read_kernel_symbol_table(nagios_t) @@ -60839,7 +60840,7 @@ index 7b3e682e6..02b65a000 100644 userdom_dontaudit_use_unpriv_user_fds(nagios_t) userdom_dontaudit_search_user_home_dirs(nagios_t) -@@ -162,6 +200,60 @@ mta_send_mail(nagios_t) +@@ -162,6 +202,60 @@ mta_send_mail(nagios_t) mta_signal_system_mail(nagios_t) mta_kill_system_mail(nagios_t) @@ -60900,7 +60901,7 @@ index 7b3e682e6..02b65a000 100644 optional_policy(` netutils_kill_ping(nagios_t) ') -@@ -178,35 +270,40 @@ optional_policy(` +@@ -178,35 +272,40 @@ optional_policy(` # # CGI local policy # @@ -60959,7 +60960,7 @@ index 7b3e682e6..02b65a000 100644 ') ######################################## -@@ -214,7 +311,7 @@ optional_policy(` +@@ -214,7 +313,7 @@ optional_policy(` # Nrpe local policy # @@ -60968,7 +60969,7 @@ index 7b3e682e6..02b65a000 100644 dontaudit nrpe_t self:capability { sys_tty_config sys_resource }; allow nrpe_t self:process { setpgid signal_perms setsched setrlimit }; allow nrpe_t self:fifo_file rw_fifo_file_perms; -@@ -229,9 +326,11 @@ files_pid_filetrans(nrpe_t, nrpe_var_run_t, file) +@@ -229,9 +328,11 @@ files_pid_filetrans(nrpe_t, nrpe_var_run_t, file) domtrans_pattern(nrpe_t, nagios_checkdisk_plugin_exec_t, nagios_checkdisk_plugin_t) @@ -60981,7 +60982,7 @@ index 7b3e682e6..02b65a000 100644 corecmd_exec_bin(nrpe_t) corecmd_exec_shell(nrpe_t) -@@ -252,8 +351,8 @@ dev_read_urand(nrpe_t) +@@ -252,8 +353,8 @@ dev_read_urand(nrpe_t) domain_use_interactive_fds(nrpe_t) domain_read_all_domains_state(nrpe_t) @@ -60991,7 +60992,7 @@ index 7b3e682e6..02b65a000 100644 fs_getattr_all_fs(nrpe_t) fs_search_auto_mountpoints(nrpe_t) -@@ -262,10 +361,56 @@ auth_use_nsswitch(nrpe_t) +@@ -262,10 +363,56 @@ auth_use_nsswitch(nrpe_t) logging_send_syslog_msg(nrpe_t) @@ -61050,7 +61051,7 @@ index 7b3e682e6..02b65a000 100644 optional_policy(` inetd_tcp_service_domain(nrpe_t, nrpe_exec_t) ') -@@ -309,16 +454,16 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t) +@@ -309,16 +456,16 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t) # Mail local policy # @@ -61071,7 +61072,7 @@ index 7b3e682e6..02b65a000 100644 logging_send_syslog_msg(nagios_mail_plugin_t) sysnet_dns_name_resolve(nagios_mail_plugin_t) -@@ -345,9 +490,14 @@ allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio }; +@@ -345,9 +492,14 @@ allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio }; kernel_read_software_raid_state(nagios_checkdisk_plugin_t) @@ -61086,7 +61087,7 @@ index 7b3e682e6..02b65a000 100644 fs_getattr_all_fs(nagios_checkdisk_plugin_t) storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t) -@@ -357,9 +507,11 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t) +@@ -357,9 +509,11 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t) # Services local policy # @@ -61100,7 +61101,7 @@ index 7b3e682e6..02b65a000 100644 corecmd_exec_bin(nagios_services_plugin_t) -@@ -391,6 +543,11 @@ optional_policy(` +@@ -391,6 +545,11 @@ optional_policy(` optional_policy(` mysql_stream_connect(nagios_services_plugin_t) @@ -61112,7 +61113,7 @@ index 7b3e682e6..02b65a000 100644 ') optional_policy(` -@@ -402,32 +559,40 @@ optional_policy(` +@@ -402,32 +561,40 @@ optional_policy(` # System local policy # @@ -61156,7 +61157,7 @@ index 7b3e682e6..02b65a000 100644 ####################################### # # Event local policy -@@ -442,11 +607,45 @@ corecmd_exec_shell(nagios_eventhandler_plugin_t) +@@ -442,11 +609,45 @@ corecmd_exec_shell(nagios_eventhandler_plugin_t) init_domtrans_script(nagios_eventhandler_plugin_t) @@ -61205,7 +61206,7 @@ index 7b3e682e6..02b65a000 100644 +') diff --git a/namespace.fc b/namespace.fc new file mode 100644 -index 000000000..ce51c8d4f +index 0000000000..ce51c8d4f1 --- /dev/null +++ b/namespace.fc @@ -0,0 +1,3 @@ @@ -61214,7 +61215,7 @@ index 000000000..ce51c8d4f + diff --git a/namespace.if b/namespace.if new file mode 100644 -index 000000000..8d7c75157 +index 0000000000..8d7c751573 --- /dev/null +++ b/namespace.if @@ -0,0 +1,48 @@ @@ -61268,7 +61269,7 @@ index 000000000..8d7c75157 +') diff --git a/namespace.te b/namespace.te new file mode 100644 -index 000000000..814e62e4f +index 0000000000..814e62e4fd --- /dev/null +++ b/namespace.te @@ -0,0 +1,41 @@ @@ -61314,7 +61315,7 @@ index 000000000..814e62e4f +userdom_relabelto_user_home_files(namespace_init_t) +userdom_filetrans_home_content(namespace_init_t) diff --git a/ncftool.if b/ncftool.if -index db9578f4e..4309e3da5 100644 +index db9578f4e0..4309e3da55 100644 --- a/ncftool.if +++ b/ncftool.if @@ -38,9 +38,11 @@ interface(`ncftool_domtrans',` @@ -61330,7 +61331,7 @@ index db9578f4e..4309e3da5 100644 ') + diff --git a/ncftool.te b/ncftool.te -index 71f30ba60..d61686078 100644 +index 71f30ba606..d61686078d 100644 --- a/ncftool.te +++ b/ncftool.te @@ -22,13 +22,14 @@ role ncftool_roles types ncftool_t; @@ -61389,7 +61390,7 @@ index 71f30ba60..d61686078 100644 optional_policy(` diff --git a/nessus.te b/nessus.te -index fe1068ba5..98166ee0b 100644 +index fe1068ba59..98166ee0b0 100644 --- a/nessus.te +++ b/nessus.te @@ -58,7 +58,6 @@ kernel_read_kernel_sysctls(nessusd_t) @@ -61418,7 +61419,7 @@ index fe1068ba5..98166ee0b 100644 userdom_dontaudit_use_unpriv_user_fds(nessusd_t) diff --git a/networkmanager.fc b/networkmanager.fc -index 94b973407..448a7e836 100644 +index 94b9734074..448a7e8364 100644 --- a/networkmanager.fc +++ b/networkmanager.fc @@ -1,44 +1,46 @@ @@ -61490,7 +61491,7 @@ index 94b973407..448a7e836 100644 +/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) diff --git a/networkmanager.if b/networkmanager.if -index 86dc29dfa..690cb88a8 100644 +index 86dc29dfa8..690cb88a84 100644 --- a/networkmanager.if +++ b/networkmanager.if @@ -2,7 +2,7 @@ @@ -62046,7 +62047,7 @@ index 86dc29dfa..690cb88a8 100644 + logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log") ') diff --git a/networkmanager.te b/networkmanager.te -index 55f20095e..67738f4a8 100644 +index 55f20095e6..67738f4a88 100644 --- a/networkmanager.te +++ b/networkmanager.te @@ -9,15 +9,18 @@ type NetworkManager_t; @@ -62497,7 +62498,7 @@ index 55f20095e..67738f4a8 100644 term_dontaudit_use_console(wpa_cli_t) diff --git a/ninfod.fc b/ninfod.fc new file mode 100644 -index 000000000..cc31b9f27 +index 0000000000..cc31b9f273 --- /dev/null +++ b/ninfod.fc @@ -0,0 +1,6 @@ @@ -62509,7 +62510,7 @@ index 000000000..cc31b9f27 + diff --git a/ninfod.if b/ninfod.if new file mode 100644 -index 000000000..409de8c3e +index 0000000000..409de8c3ef --- /dev/null +++ b/ninfod.if @@ -0,0 +1,80 @@ @@ -62595,7 +62596,7 @@ index 000000000..409de8c3e +') diff --git a/ninfod.te b/ninfod.te new file mode 100644 -index 000000000..b3aa3ce13 +index 0000000000..b3aa3ce13e --- /dev/null +++ b/ninfod.te @@ -0,0 +1,36 @@ @@ -62636,7 +62637,7 @@ index 000000000..b3aa3ce13 + +sysnet_dns_name_resolve(ninfod_t) diff --git a/nis.fc b/nis.fc -index 8aa1bfa28..cd0e015f8 100644 +index 8aa1bfa28e..cd0e015f84 100644 --- a/nis.fc +++ b/nis.fc @@ -2,21 +2,26 @@ @@ -62671,7 +62672,7 @@ index 8aa1bfa28..cd0e015f8 100644 +/usr/lib/systemd/system/yppasswdd.* -- gen_context(system_u:object_r:nis_unit_file_t,s0) +/usr/lib/systemd/system/ypxfrd.* -- gen_context(system_u:object_r:nis_unit_file_t,s0) diff --git a/nis.if b/nis.if -index 46e55c3ff..afe399a0e 100644 +index 46e55c3ff1..afe399a0ea 100644 --- a/nis.if +++ b/nis.if @@ -1,4 +1,4 @@ @@ -62941,7 +62942,7 @@ index 46e55c3ff..afe399a0e 100644 + allow $1 nis_unit_file_t:service all_service_perms; ') diff --git a/nis.te b/nis.te -index 3a6b0352e..31577d567 100644 +index 3a6b0352eb..31577d5675 100644 --- a/nis.te +++ b/nis.te @@ -5,8 +5,6 @@ policy_module(nis, 1.12.0) @@ -63268,7 +63269,7 @@ index 3a6b0352e..31577d567 100644 sysnet_read_config(ypxfr_t) diff --git a/nova.fc b/nova.fc new file mode 100644 -index 000000000..b5fab0e6a +index 0000000000..b5fab0e6ac --- /dev/null +++ b/nova.fc @@ -0,0 +1,25 @@ @@ -63299,7 +63300,7 @@ index 000000000..b5fab0e6a +/var/run/nova(/.*)? gen_context(system_u:object_r:nova_var_run_t,s0) diff --git a/nova.if b/nova.if new file mode 100644 -index 000000000..e32832705 +index 0000000000..e328327057 --- /dev/null +++ b/nova.if @@ -0,0 +1,47 @@ @@ -63352,7 +63353,7 @@ index 000000000..e32832705 +') diff --git a/nova.te b/nova.te new file mode 100644 -index 000000000..af8dd5527 +index 0000000000..af8dd5527d --- /dev/null +++ b/nova.te @@ -0,0 +1,204 @@ @@ -63561,7 +63562,7 @@ index 000000000..af8dd5527 +') + diff --git a/nscd.fc b/nscd.fc -index ba6448507..429bd799c 100644 +index ba64485074..429bd799c8 100644 --- a/nscd.fc +++ b/nscd.fc @@ -1,13 +1,15 @@ @@ -63586,7 +63587,7 @@ index ba6448507..429bd799c 100644 + +/usr/lib/systemd/system/nscd\.service -- gen_context(system_u:object_r:nscd_unit_file_t,s0) diff --git a/nscd.if b/nscd.if -index 8f2ab09f5..e05a0c73e 100644 +index 8f2ab09f51..e05a0c73ef 100644 --- a/nscd.if +++ b/nscd.if @@ -1,8 +1,8 @@ @@ -63912,7 +63913,7 @@ index 8f2ab09f5..e05a0c73e 100644 + allow $1 nscd_unit_file_t:service all_service_perms; ') diff --git a/nscd.te b/nscd.te -index bcd7d0a7d..1cd3a8b62 100644 +index bcd7d0a7d5..1cd3a8b62f 100644 --- a/nscd.te +++ b/nscd.te @@ -4,33 +4,34 @@ gen_require(` @@ -64107,7 +64108,7 @@ index bcd7d0a7d..1cd3a8b62 100644 + unconfined_dontaudit_rw_packet_sockets(nscd_t) +') diff --git a/nsd.fc b/nsd.fc -index 4f2b1b663..0e24b49a9 100644 +index 4f2b1b663c..0e24b49a92 100644 --- a/nsd.fc +++ b/nsd.fc @@ -1,16 +1,19 @@ @@ -64141,7 +64142,7 @@ index 4f2b1b663..0e24b49a9 100644 + +/var/log/nsd\.log.* -- gen_context(system_u:object_r:nsd_log_t,s0) diff --git a/nsd.if b/nsd.if -index a9c60ff87..ad4f14ad6 100644 +index a9c60ff87b..ad4f14ad60 100644 --- a/nsd.if +++ b/nsd.if @@ -1,8 +1,8 @@ @@ -64230,7 +64231,7 @@ index a9c60ff87..ad4f14ad6 100644 + refpolicywarn(`$0($*) has been deprecated.') ') diff --git a/nsd.te b/nsd.te -index 47bb1d204..94070d223 100644 +index 47bb1d2049..94070d2237 100644 --- a/nsd.te +++ b/nsd.te @@ -9,9 +9,7 @@ type nsd_t; @@ -64423,7 +64424,7 @@ index 47bb1d204..94070d223 100644 cron_system_entry(nsd_crond_t, nsd_exec_t) ') diff --git a/nslcd.fc b/nslcd.fc -index 402100e40..ce913b244 100644 +index 402100e40f..ce913b2442 100644 --- a/nslcd.fc +++ b/nslcd.fc @@ -1,7 +1,4 @@ @@ -64439,7 +64440,7 @@ index 402100e40..ce913b244 100644 +/usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0) +/var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0) diff --git a/nslcd.if b/nslcd.if -index 97df768d9..852d1c6c7 100644 +index 97df768d94..852d1c6c7a 100644 --- a/nslcd.if +++ b/nslcd.if @@ -1,4 +1,4 @@ @@ -64557,7 +64558,7 @@ index 97df768d9..852d1c6c7 100644 + admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t) ') diff --git a/nslcd.te b/nslcd.te -index 421bf1a56..1be3b6b30 100644 +index 421bf1a56c..1be3b6b306 100644 --- a/nslcd.te +++ b/nslcd.te @@ -20,12 +20,12 @@ files_config_file(nslcd_conf_t) @@ -64618,7 +64619,7 @@ index 421bf1a56..1be3b6b30 100644 + diff --git a/nsplugin.fc b/nsplugin.fc new file mode 100644 -index 000000000..22e6c963c +index 0000000000..22e6c963c0 --- /dev/null +++ b/nsplugin.fc @@ -0,0 +1,11 @@ @@ -64635,7 +64636,7 @@ index 000000000..22e6c963c +/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0) diff --git a/nsplugin.if b/nsplugin.if new file mode 100644 -index 000000000..bceb5271e +index 0000000000..bceb5271eb --- /dev/null +++ b/nsplugin.if @@ -0,0 +1,474 @@ @@ -65115,7 +65116,7 @@ index 000000000..bceb5271e +') diff --git a/nsplugin.te b/nsplugin.te new file mode 100644 -index 000000000..7d839fe6e +index 0000000000..7d839fe6ec --- /dev/null +++ b/nsplugin.te @@ -0,0 +1,318 @@ @@ -65438,7 +65439,7 @@ index 000000000..7d839fe6e + pulseaudio_setattr_home_dir(nsplugin_t) +') diff --git a/ntop.te b/ntop.te -index 8ec78595b..c696f6765 100644 +index 8ec78595b8..c696f67651 100644 --- a/ntop.te +++ b/ntop.te @@ -29,10 +29,11 @@ files_pid_file(ntop_var_run_t) @@ -65487,7 +65488,7 @@ index 8ec78595b..c696f6765 100644 seutil_sigchld_newrole(ntop_t) ') diff --git a/ntp.fc b/ntp.fc -index af3c91e70..3e5f9cfa6 100644 +index af3c91e703..3e5f9cfa60 100644 --- a/ntp.fc +++ b/ntp.fc @@ -11,9 +11,13 @@ @@ -65505,7 +65506,7 @@ index af3c91e70..3e5f9cfa6 100644 /var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0) diff --git a/ntp.if b/ntp.if -index e96a309a5..42453089c 100644 +index e96a309a50..42453089c8 100644 --- a/ntp.if +++ b/ntp.if @@ -1,4 +1,4 @@ @@ -65747,7 +65748,7 @@ index e96a309a5..42453089c 100644 +') + diff --git a/ntp.te b/ntp.te -index f81b113c7..bc1e8ce99 100644 +index f81b113c78..bc1e8ce997 100644 --- a/ntp.te +++ b/ntp.te @@ -18,6 +18,9 @@ role ntpd_roles types ntpd_t; @@ -65874,7 +65875,7 @@ index f81b113c7..bc1e8ce99 100644 udev_read_db(ntpd_t) ') diff --git a/numad.fc b/numad.fc -index 3488bb0d3..1f9762420 100644 +index 3488bb0d36..1f97624205 100644 --- a/numad.fc +++ b/numad.fc @@ -1,7 +1,7 @@ @@ -65890,7 +65891,7 @@ index 3488bb0d3..1f9762420 100644 -/var/run/numad\.pid -- gen_context(system_u:object_r:numad_var_run_t,s0) +/var/run/numad\.pid -- gen_context(system_u:object_r:numad_var_run_t,s0) diff --git a/numad.if b/numad.if -index 0d3c270b9..f307835ce 100644 +index 0d3c270b9e..f307835ce8 100644 --- a/numad.if +++ b/numad.if @@ -1,39 +1,93 @@ @@ -66006,7 +66007,7 @@ index 0d3c270b9..f307835ce 100644 + ') ') diff --git a/numad.te b/numad.te -index b0a1be482..303a9279f 100644 +index b0a1be4825..303a9279f7 100644 --- a/numad.te +++ b/numad.te @@ -8,37 +8,44 @@ policy_module(numad, 1.1.0) @@ -66067,7 +66068,7 @@ index b0a1be482..303a9279f 100644 + virt_ptrace(numad_t) +') diff --git a/nut.fc b/nut.fc -index 379af962c..fac7d7bc9 100644 +index 379af962cb..fac7d7bc91 100644 --- a/nut.fc +++ b/nut.fc @@ -1,23 +1,16 @@ @@ -66102,7 +66103,7 @@ index 379af962c..fac7d7bc9 100644 +/var/www/nut-cgi-bin/upsset\.cgi -- gen_context(system_u:object_r:nutups_cgi_script_exec_t,s0) +/var/www/nut-cgi-bin/upsstats\.cgi -- gen_context(system_u:object_r:nutups_cgi_script_exec_t,s0) diff --git a/nut.if b/nut.if -index 57c0161ed..c554eb6e1 100644 +index 57c0161edb..c554eb6e16 100644 --- a/nut.if +++ b/nut.if @@ -1,39 +1,60 @@ @@ -66193,7 +66194,7 @@ index 57c0161ed..c554eb6e1 100644 + ps_process_pattern($1, nut_t) ') diff --git a/nut.te b/nut.te -index 5b2cb0d59..35b45d22e 100644 +index 5b2cb0d595..35b45d22eb 100644 --- a/nut.te +++ b/nut.te @@ -7,154 +7,143 @@ policy_module(nut, 1.3.0) @@ -66415,7 +66416,7 @@ index 5b2cb0d59..35b45d22e 100644 + sysnet_dns_name_resolve(nutups_cgi_script_t) ') diff --git a/nx.if b/nx.if -index 251d6816a..50ae2a94b 100644 +index 251d6816a0..50ae2a94b9 100644 --- a/nx.if +++ b/nx.if @@ -35,7 +35,9 @@ interface(`nx_read_home_files',` @@ -66452,7 +66453,7 @@ index 251d6816a..50ae2a94b 100644 + filetrans_pattern($1, nx_server_var_lib_t, nx_server_home_ssh_t, dir, ".ssh") +') diff --git a/nx.te b/nx.te -index 091f87272..62a0b1229 100644 +index 091f872723..62a0b1229d 100644 --- a/nx.te +++ b/nx.te @@ -27,6 +27,9 @@ files_type(nx_server_var_lib_t) @@ -66497,7 +66498,7 @@ index 091f87272..62a0b1229 100644 sysnet_read_config(nx_server_t) diff --git a/oav.te b/oav.te -index b09c4c412..995c3f6a6 100644 +index b09c4c4129..995c3f6a6d 100644 --- a/oav.te +++ b/oav.te @@ -95,7 +95,6 @@ dev_read_sysfs(scannerdaemon_t) @@ -66509,7 +66510,7 @@ index b09c4c412..995c3f6a6 100644 files_search_var_lib(scannerdaemon_t) diff --git a/obex.fc b/obex.fc -index 03fa56040..b254dd104 100644 +index 03fa56040a..b254dd1041 100644 --- a/obex.fc +++ b/obex.fc @@ -1 +1,2 @@ @@ -66517,7 +66518,7 @@ index 03fa56040..b254dd104 100644 +/usr/bin/obex-data-server -- gen_context(system_u:object_r:obex_exec_t,s0) +/usr/libexec/bluetooth/obexd -- gen_context(system_u:object_r:obex_exec_t,s0) diff --git a/obex.if b/obex.if -index 8635ea205..eec20b413 100644 +index 8635ea2057..eec20b4134 100644 --- a/obex.if +++ b/obex.if @@ -1,15 +1,50 @@ @@ -66664,7 +66665,7 @@ index 8635ea205..eec20b413 100644 + obex_dbus_chat($2) ') diff --git a/obex.te b/obex.te -index cd29ea899..d01d2c8e6 100644 +index cd29ea899a..d01d2c8e61 100644 --- a/obex.te +++ b/obex.te @@ -1,4 +1,4 @@ @@ -66710,7 +66711,7 @@ index cd29ea899..d01d2c8e6 100644 ') ') diff --git a/oddjob.fc b/oddjob.fc -index dd1d9ef5a..c48733aa4 100644 +index dd1d9ef5a3..c48733aa4b 100644 --- a/oddjob.fc +++ b/oddjob.fc @@ -1,10 +1,12 @@ @@ -66732,7 +66733,7 @@ index dd1d9ef5a..c48733aa4 100644 -/var/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0) +/var/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0) diff --git a/oddjob.if b/oddjob.if -index c87bd2a30..c7bfd1fde 100644 +index c87bd2a301..c7bfd1fdec 100644 --- a/oddjob.if +++ b/oddjob.if @@ -1,4 +1,8 @@ @@ -66974,7 +66975,7 @@ index c87bd2a30..c7bfd1fde 100644 + allow $1 oddjob_mkhomedir_exec_t:file entrypoint; ') diff --git a/oddjob.te b/oddjob.te -index e403097c6..4737529c6 100644 +index e403097c65..4737529c6f 100644 --- a/oddjob.te +++ b/oddjob.te @@ -5,8 +5,6 @@ policy_module(oddjob, 1.10.0) @@ -67085,7 +67086,7 @@ index e403097c6..4737529c6 100644 +userdom_stream_connect(oddjob_mkhomedir_t) + diff --git a/openct.te b/openct.te -index 3b6920e31..3e9b17fde 100644 +index 3b6920e31a..3e9b17fdea 100644 --- a/openct.te +++ b/openct.te @@ -29,12 +29,12 @@ manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t) @@ -67121,7 +67122,7 @@ index 3b6920e31..3e9b17fde 100644 diff --git a/opendnssec.fc b/opendnssec.fc new file mode 100644 -index 000000000..08d0e793d +index 0000000000..08d0e793d7 --- /dev/null +++ b/opendnssec.fc @@ -0,0 +1,14 @@ @@ -67141,7 +67142,7 @@ index 000000000..08d0e793d +/var/opendnssec(/.*)? gen_context(system_u:object_r:opendnssec_var_t,s0) diff --git a/opendnssec.if b/opendnssec.if new file mode 100644 -index 000000000..31d6b7069 +index 0000000000..31d6b70698 --- /dev/null +++ b/opendnssec.if @@ -0,0 +1,207 @@ @@ -67354,7 +67355,7 @@ index 000000000..31d6b7069 +') diff --git a/opendnssec.te b/opendnssec.te new file mode 100644 -index 000000000..e246d45a5 +index 0000000000..e246d45a5c --- /dev/null +++ b/opendnssec.te @@ -0,0 +1,68 @@ @@ -67427,7 +67428,7 @@ index 000000000..e246d45a5 +') + diff --git a/openhpi.te b/openhpi.te -index 8de619112..1a01e99f2 100644 +index 8de619112d..1a01e99f2c 100644 --- a/openhpi.te +++ b/openhpi.te @@ -38,6 +38,8 @@ files_var_lib_filetrans(openhpid_t, openhpid_var_lib_t, dir) @@ -67454,7 +67455,7 @@ index 8de619112..1a01e99f2 100644 +') diff --git a/openhpid.fc b/openhpid.fc new file mode 100644 -index 000000000..df219e6ef +index 0000000000..df219e6efc --- /dev/null +++ b/openhpid.fc @@ -0,0 +1,10 @@ @@ -67470,7 +67471,7 @@ index 000000000..df219e6ef +/var/run/openhpid\.pid -- gen_context(system_u:object_r:openhpid_var_run_t,s0) diff --git a/openhpid.if b/openhpid.if new file mode 100644 -index 000000000..598789a3b +index 0000000000..598789a3bb --- /dev/null +++ b/openhpid.if @@ -0,0 +1,159 @@ @@ -67635,7 +67636,7 @@ index 000000000..598789a3b + diff --git a/openhpid.te b/openhpid.te new file mode 100644 -index 000000000..a0e0eafce +index 0000000000..a0e0eafcee --- /dev/null +++ b/openhpid.te @@ -0,0 +1,67 @@ @@ -67708,21 +67709,21 @@ index 000000000..a0e0eafce +') diff --git a/openshift-origin.fc b/openshift-origin.fc new file mode 100644 -index 000000000..30ca148ee +index 0000000000..30ca148ee4 --- /dev/null +++ b/openshift-origin.fc @@ -0,0 +1 @@ +# Left Blank diff --git a/openshift-origin.if b/openshift-origin.if new file mode 100644 -index 000000000..3eb6a3057 +index 0000000000..3eb6a3057b --- /dev/null +++ b/openshift-origin.if @@ -0,0 +1 @@ +## diff --git a/openshift-origin.te b/openshift-origin.te new file mode 100644 -index 000000000..a437f80ca +index 0000000000..a437f80cae --- /dev/null +++ b/openshift-origin.te @@ -0,0 +1,13 @@ @@ -67741,7 +67742,7 @@ index 000000000..a437f80ca +files_read_config_files(openshift_domain) diff --git a/openshift.fc b/openshift.fc new file mode 100644 -index 000000000..5a2f97ef6 +index 0000000000..5a2f97ef68 --- /dev/null +++ b/openshift.fc @@ -0,0 +1,30 @@ @@ -67777,7 +67778,7 @@ index 000000000..5a2f97ef6 +/var/run/openshift(/.*)? gen_context(system_u:object_r:openshift_var_run_t,s0) diff --git a/openshift.if b/openshift.if new file mode 100644 -index 000000000..c20cac397 +index 0000000000..c20cac3970 --- /dev/null +++ b/openshift.if @@ -0,0 +1,697 @@ @@ -68480,7 +68481,7 @@ index 000000000..c20cac397 +') diff --git a/openshift.te b/openshift.te new file mode 100644 -index 000000000..a98990f3a +index 0000000000..a98990f3ab --- /dev/null +++ b/openshift.te @@ -0,0 +1,634 @@ @@ -69120,7 +69121,7 @@ index 000000000..a98990f3a +') diff --git a/opensm.fc b/opensm.fc new file mode 100644 -index 000000000..65511ed7a +index 0000000000..65511ed7af --- /dev/null +++ b/opensm.fc @@ -0,0 +1,7 @@ @@ -69133,7 +69134,7 @@ index 000000000..65511ed7a +/var/log/opensm.* -- gen_context(system_u:object_r:opensm_log_t,s0) diff --git a/opensm.if b/opensm.if new file mode 100644 -index 000000000..45de66477 +index 0000000000..45de664777 --- /dev/null +++ b/opensm.if @@ -0,0 +1,224 @@ @@ -69363,7 +69364,7 @@ index 000000000..45de66477 +') diff --git a/opensm.te b/opensm.te new file mode 100644 -index 000000000..81c7870cf +index 0000000000..81c7870cf5 --- /dev/null +++ b/opensm.te @@ -0,0 +1,49 @@ @@ -69417,7 +69418,7 @@ index 000000000..81c7870cf + +logging_send_syslog_msg(opensm_t) diff --git a/openvpn.fc b/openvpn.fc -index 300213f83..4cdfe097c 100644 +index 300213f834..4cdfe097c1 100644 --- a/openvpn.fc +++ b/openvpn.fc @@ -1,10 +1,13 @@ @@ -69435,7 +69436,7 @@ index 300213f83..4cdfe097c 100644 /var/log/openvpn.* gen_context(system_u:object_r:openvpn_var_log_t,s0) diff --git a/openvpn.if b/openvpn.if -index 6837e9a2b..8d6e33b00 100644 +index 6837e9a2bd..8d6e33b005 100644 --- a/openvpn.if +++ b/openvpn.if @@ -20,6 +20,25 @@ interface(`openvpn_domtrans',` @@ -69525,7 +69526,7 @@ index 6837e9a2b..8d6e33b00 100644 domain_system_change_exemption($1) role_transition $2 openvpn_initrc_exec_t system_r; diff --git a/openvpn.te b/openvpn.te -index 63957a362..91dead6e7 100644 +index 63957a3627..91dead6e7f 100644 --- a/openvpn.te +++ b/openvpn.te @@ -5,6 +5,13 @@ policy_module(openvpn, 1.12.2) @@ -69717,7 +69718,7 @@ index 63957a362..91dead6e7 100644 + can_exec(openvpn_t, openvpn_unconfined_script_exec_t) +') diff --git a/openvswitch.fc b/openvswitch.fc -index 45d7cc508..c5b9607c1 100644 +index 45d7cc5080..c5b9607c12 100644 --- a/openvswitch.fc +++ b/openvswitch.fc @@ -1,12 +1,16 @@ @@ -69745,7 +69746,7 @@ index 45d7cc508..c5b9607c1 100644 -/var/run/openvswitch(/.*)? gen_context(system_u:object_r:openvswitch_var_run_t,s0) +/etc/openvswitch(/.*)? gen_context(system_u:object_r:openvswitch_rw_t,s0) diff --git a/openvswitch.if b/openvswitch.if -index 9b157305b..cb00f200a 100644 +index 9b157305b1..cb00f200a4 100644 --- a/openvswitch.if +++ b/openvswitch.if @@ -1,13 +1,14 @@ @@ -70018,7 +70019,7 @@ index 9b157305b..cb00f200a 100644 + ') ') diff --git a/openvswitch.te b/openvswitch.te -index 44dbc99ab..f2c237099 100644 +index 44dbc99ab8..f2c2370993 100644 --- a/openvswitch.te +++ b/openvswitch.te @@ -9,11 +9,8 @@ type openvswitch_t; @@ -70194,7 +70195,7 @@ index 44dbc99ab..f2c237099 100644 +') diff --git a/openwsman.fc b/openwsman.fc new file mode 100644 -index 000000000..00d0643d9 +index 0000000000..00d0643d9f --- /dev/null +++ b/openwsman.fc @@ -0,0 +1,7 @@ @@ -70207,7 +70208,7 @@ index 000000000..00d0643d9 +/var/run/wsmand.* -- gen_context(system_u:object_r:openwsman_run_t,s0) diff --git a/openwsman.if b/openwsman.if new file mode 100644 -index 000000000..747853a1a +index 0000000000..747853a1ac --- /dev/null +++ b/openwsman.if @@ -0,0 +1,79 @@ @@ -70292,7 +70293,7 @@ index 000000000..747853a1a +') diff --git a/openwsman.te b/openwsman.te new file mode 100644 -index 000000000..3bcd32cdf +index 0000000000..3bcd32cdf7 --- /dev/null +++ b/openwsman.te @@ -0,0 +1,74 @@ @@ -70372,7 +70373,7 @@ index 000000000..3bcd32cdf + diff --git a/oracleasm.fc b/oracleasm.fc new file mode 100644 -index 000000000..5655facf0 +index 0000000000..5655facf09 --- /dev/null +++ b/oracleasm.fc @@ -0,0 +1,8 @@ @@ -70386,7 +70387,7 @@ index 000000000..5655facf0 +/usr/sbin/oracleasm -- gen_context(system_u:object_r:oracleasm_exec_t,s0) diff --git a/oracleasm.if b/oracleasm.if new file mode 100644 -index 000000000..6ae382cb9 +index 0000000000..6ae382cb90 --- /dev/null +++ b/oracleasm.if @@ -0,0 +1,75 @@ @@ -70467,7 +70468,7 @@ index 000000000..6ae382cb9 + diff --git a/oracleasm.te b/oracleasm.te new file mode 100644 -index 000000000..76250e0c6 +index 0000000000..76250e0c66 --- /dev/null +++ b/oracleasm.te @@ -0,0 +1,67 @@ @@ -70540,7 +70541,7 @@ index 000000000..76250e0c6 +') diff --git a/osad.fc b/osad.fc new file mode 100644 -index 000000000..cf911d54e +index 0000000000..cf911d54ea --- /dev/null +++ b/osad.fc @@ -0,0 +1,7 @@ @@ -70553,7 +70554,7 @@ index 000000000..cf911d54e +/var/run/osad.* -- gen_context(system_u:object_r:osad_var_run_t,s0) diff --git a/osad.if b/osad.if new file mode 100644 -index 000000000..05648bd2a +index 0000000000..05648bd2a2 --- /dev/null +++ b/osad.if @@ -0,0 +1,165 @@ @@ -70724,7 +70725,7 @@ index 000000000..05648bd2a +') diff --git a/osad.te b/osad.te new file mode 100644 -index 000000000..6c2f26442 +index 0000000000..6c2f264423 --- /dev/null +++ b/osad.te @@ -0,0 +1,56 @@ @@ -70785,7 +70786,7 @@ index 000000000..6c2f26442 + rpm_domtrans(osad_t) +') diff --git a/pacemaker.fc b/pacemaker.fc -index 2f0ad56d6..d4da0b8d0 100644 +index 2f0ad56d67..d4da0b8d00 100644 --- a/pacemaker.fc +++ b/pacemaker.fc @@ -1,5 +1,7 @@ @@ -70797,7 +70798,7 @@ index 2f0ad56d6..d4da0b8d0 100644 /var/lib/heartbeat/crm(/.*)? gen_context(system_u:object_r:pacemaker_var_lib_t,s0) diff --git a/pacemaker.if b/pacemaker.if -index 9682d9af8..f1f421f9e 100644 +index 9682d9af84..f1f421f9e4 100644 --- a/pacemaker.if +++ b/pacemaker.if @@ -1,9 +1,167 @@ @@ -71006,7 +71007,7 @@ index 9682d9af8..f1f421f9e 100644 + ') ') diff --git a/pacemaker.te b/pacemaker.te -index 6e6efb642..d56c04963 100644 +index 6e6efb6421..d56c04963a 100644 --- a/pacemaker.te +++ b/pacemaker.te @@ -5,6 +5,13 @@ policy_module(pacemaker, 1.1.0) @@ -71107,7 +71108,7 @@ index 6e6efb642..d56c04963 100644 + rgmanager_execute_lib(pacemaker_t) ') diff --git a/pads.if b/pads.if -index 6e097c919..503c97a2d 100644 +index 6e097c9194..503c97a2d9 100644 --- a/pads.if +++ b/pads.if @@ -17,15 +17,19 @@ @@ -71133,7 +71134,7 @@ index 6e097c919..503c97a2d 100644 domain_system_change_exemption($1) role_transition $2 pads_initrc_exec_t system_r; diff --git a/pads.te b/pads.te -index 078adc478..f0c65e5de 100644 +index 078adc4783..f0c65e5dec 100644 --- a/pads.te +++ b/pads.te @@ -24,9 +24,12 @@ files_pid_file(pads_var_run_t) @@ -71171,7 +71172,7 @@ index 078adc478..f0c65e5de 100644 sysnet_dns_name_resolve(pads_t) diff --git a/passenger.fc b/passenger.fc -index 2c389ea7c..9155bd0dd 100644 +index 2c389ea7cc..9155bd0dd4 100644 --- a/passenger.fc +++ b/passenger.fc @@ -1,10 +1,12 @@ @@ -71195,7 +71196,7 @@ index 2c389ea7c..9155bd0dd 100644 + +/var/run/passenger(/.*)? gen_context(system_u:object_r:passenger_var_run_t,s0) diff --git a/passenger.if b/passenger.if -index bf59ef731..0e333279c 100644 +index bf59ef7312..0e333279cd 100644 --- a/passenger.if +++ b/passenger.if @@ -15,17 +15,17 @@ interface(`passenger_domtrans',` @@ -71367,7 +71368,7 @@ index bf59ef731..0e333279c 100644 +') + diff --git a/passenger.te b/passenger.te -index 08ec33bf2..175a4ed46 100644 +index 08ec33bf21..175a4ed46d 100644 --- a/passenger.te +++ b/passenger.te @@ -1,4 +1,4 @@ @@ -71499,7 +71500,7 @@ index 08ec33bf2..175a4ed46 100644 + rpm_read_db(passenger_t) ') diff --git a/pcmcia.te b/pcmcia.te -index 8176e4aa4..2df178919 100644 +index 8176e4aa4b..2df178919a 100644 --- a/pcmcia.te +++ b/pcmcia.te @@ -88,20 +88,17 @@ libs_exec_lib_files(cardmgr_t) @@ -71526,7 +71527,7 @@ index 8176e4aa4..2df178919 100644 diff --git a/pcp.fc b/pcp.fc new file mode 100644 -index 000000000..de7c78ca0 +index 0000000000..de7c78ca04 --- /dev/null +++ b/pcp.fc @@ -0,0 +1,33 @@ @@ -71565,7 +71566,7 @@ index 000000000..de7c78ca0 +/var/run/pmlogger\.primary\.socket -l gen_context(system_u:object_r:pcp_var_run_t,s0) diff --git a/pcp.if b/pcp.if new file mode 100644 -index 000000000..abb250dba +index 0000000000..abb250dbaf --- /dev/null +++ b/pcp.if @@ -0,0 +1,160 @@ @@ -71731,11 +71732,11 @@ index 000000000..abb250dba +') diff --git a/pcp.pp b/pcp.pp new file mode 100644 -index 000000000..fa4cfaa88 +index 0000000000..fa4cfaa88c Binary files /dev/null and b/pcp.pp differ diff --git a/pcp.te b/pcp.te new file mode 100644 -index 000000000..89c3f11d8 +index 0000000000..89c3f11d8b --- /dev/null +++ b/pcp.te @@ -0,0 +1,316 @@ @@ -72056,7 +72057,7 @@ index 000000000..89c3f11d8 + xserver_dontaudit_search_log(pcp_pmlogger_t) +') diff --git a/pcscd.if b/pcscd.if -index 43d50f95b..6b1544f62 100644 +index 43d50f95bd..6b1544f621 100644 --- a/pcscd.if +++ b/pcscd.if @@ -17,6 +17,8 @@ interface(`pcscd_domtrans',` @@ -72078,7 +72079,7 @@ index 43d50f95b..6b1544f62 100644 ######################################## diff --git a/pcscd.te b/pcscd.te -index 1fb196410..5212cd203 100644 +index 1fb1964107..5212cd2030 100644 --- a/pcscd.te +++ b/pcscd.te @@ -22,10 +22,11 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd") @@ -72158,7 +72159,7 @@ index 1fb196410..5212cd203 100644 +') + diff --git a/pegasus.fc b/pegasus.fc -index dfd46e412..feaa8e174 100644 +index dfd46e4126..feaa8e174c 100644 --- a/pegasus.fc +++ b/pegasus.fc @@ -1,15 +1,33 @@ @@ -72204,7 +72205,7 @@ index dfd46e412..feaa8e174 100644 +/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0) +/usr/libexec/pegasus/cmpiLMI_Hardware-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0) diff --git a/pegasus.if b/pegasus.if -index d2fc677c1..86dce34a2 100644 +index d2fc677c11..86dce34a22 100644 --- a/pegasus.if +++ b/pegasus.if @@ -1,52 +1,60 @@ @@ -72305,7 +72306,7 @@ index d2fc677c1..86dce34a2 100644 ') + diff --git a/pegasus.te b/pegasus.te -index 608f454d8..a78b356aa 100644 +index 608f454d8e..a78b356aa7 100644 --- a/pegasus.te +++ b/pegasus.te @@ -5,13 +5,12 @@ policy_module(pegasus, 1.9.0) @@ -72855,7 +72856,7 @@ index 608f454d8..a78b356aa 100644 xen_stream_connect_xenstore(pegasus_t) diff --git a/pesign.fc b/pesign.fc new file mode 100644 -index 000000000..7b54c3926 +index 0000000000..7b54c3926b --- /dev/null +++ b/pesign.fc @@ -0,0 +1,6 @@ @@ -72867,7 +72868,7 @@ index 000000000..7b54c3926 +/var/run/pesign\.pid -- gen_context(system_u:object_r:pesign_var_run_t,s0) diff --git a/pesign.if b/pesign.if new file mode 100644 -index 000000000..4d531cb9d +index 0000000000..4d531cb9dc --- /dev/null +++ b/pesign.if @@ -0,0 +1,99 @@ @@ -72972,7 +72973,7 @@ index 000000000..4d531cb9d +') diff --git a/pesign.te b/pesign.te new file mode 100644 -index 000000000..55d7442b0 +index 0000000000..55d7442b04 --- /dev/null +++ b/pesign.te @@ -0,0 +1,54 @@ @@ -73031,7 +73032,7 @@ index 000000000..55d7442b0 +miscfiles_read_certs(pesign_t) +miscfiles_read_localization(pesign_t) diff --git a/pingd.if b/pingd.if -index 21a6ecbe7..b99e4cb0b 100644 +index 21a6ecbe79..b99e4cb0b5 100644 --- a/pingd.if +++ b/pingd.if @@ -55,7 +55,8 @@ interface(`pingd_manage_config',` @@ -73060,7 +73061,7 @@ index 21a6ecbe7..b99e4cb0b 100644 domain_system_change_exemption($1) role_transition $2 pingd_initrc_exec_t system_r; diff --git a/pingd.te b/pingd.te -index ab0106027..778c8eb12 100644 +index ab01060275..778c8eb12c 100644 --- a/pingd.te +++ b/pingd.te @@ -10,7 +10,7 @@ type pingd_exec_t; @@ -73087,7 +73088,7 @@ index ab0106027..778c8eb12 100644 -miscfiles_read_localization(pingd_t) diff --git a/piranha.fc b/piranha.fc new file mode 100644 -index 000000000..20ea9f54b +index 0000000000..20ea9f54b2 --- /dev/null +++ b/piranha.fc @@ -0,0 +1,24 @@ @@ -73117,7 +73118,7 @@ index 000000000..20ea9f54b + diff --git a/piranha.if b/piranha.if new file mode 100644 -index 000000000..cf54103b6 +index 0000000000..cf54103b6a --- /dev/null +++ b/piranha.if @@ -0,0 +1,187 @@ @@ -73310,7 +73311,7 @@ index 000000000..cf54103b6 +') diff --git a/piranha.te b/piranha.te new file mode 100644 -index 000000000..a989aea2e +index 0000000000..a989aea2e1 --- /dev/null +++ b/piranha.te @@ -0,0 +1,292 @@ @@ -73607,7 +73608,7 @@ index 000000000..a989aea2e + +sysnet_read_config(piranha_domain) diff --git a/pkcs.fc b/pkcs.fc -index 9a72226e3..b2968942f 100644 +index 9a72226e38..b2968942f7 100644 --- a/pkcs.fc +++ b/pkcs.fc @@ -4,4 +4,8 @@ @@ -73620,7 +73621,7 @@ index 9a72226e3..b2968942f 100644 + /var/run/pkcsslotd.* gen_context(system_u:object_r:pkcs_slotd_var_run_t,s0) diff --git a/pkcs.if b/pkcs.if -index 69be2aaf2..2d7b3f656 100644 +index 69be2aaf28..2d7b3f656c 100644 --- a/pkcs.if +++ b/pkcs.if @@ -19,7 +19,7 @@ @@ -73643,7 +73644,7 @@ index 69be2aaf2..2d7b3f656 100644 admin_pattern($1, pkcs_slotd_var_run_t) diff --git a/pkcs.te b/pkcs.te -index 8eb3f7bc1..1b79ed454 100644 +index 8eb3f7bc1e..1b79ed4541 100644 --- a/pkcs.te +++ b/pkcs.te @@ -7,21 +7,34 @@ policy_module(pkcs, 1.0.1) @@ -73715,7 +73716,7 @@ index 8eb3f7bc1..1b79ed454 100644 +userdom_read_all_users_state(pkcs_slotd_t) diff --git a/pki.fc b/pki.fc new file mode 100644 -index 000000000..47cd0f8ba +index 0000000000..47cd0f8ba9 --- /dev/null +++ b/pki.fc @@ -0,0 +1,57 @@ @@ -73778,7 +73779,7 @@ index 000000000..47cd0f8ba +/usr/lib/systemd/system/pki-tomcat.* gen_context(system_u:object_r:pki_tomcat_unit_file_t,s0) diff --git a/pki.if b/pki.if new file mode 100644 -index 000000000..0a7951358 +index 0000000000..0a79513588 --- /dev/null +++ b/pki.if @@ -0,0 +1,523 @@ @@ -74307,7 +74308,7 @@ index 000000000..0a7951358 +') diff --git a/pki.te b/pki.te new file mode 100644 -index 000000000..67e7036fb +index 0000000000..67e7036fbb --- /dev/null +++ b/pki.te @@ -0,0 +1,285 @@ @@ -74597,7 +74598,7 @@ index 000000000..67e7036fb +') + diff --git a/plymouthd.fc b/plymouthd.fc -index 735500fd1..7f694728c 100644 +index 735500fd14..7f694728c3 100644 --- a/plymouthd.fc +++ b/plymouthd.fc @@ -1,15 +1,14 @@ @@ -74625,7 +74626,7 @@ index 735500fd1..7f694728c 100644 -/var/spool/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_spool_t,s0) +/var/spool/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_spool_t,s0) diff --git a/plymouthd.if b/plymouthd.if -index 30e751f18..61feb3a81 100644 +index 30e751f18b..61feb3a812 100644 --- a/plymouthd.if +++ b/plymouthd.if @@ -1,4 +1,4 @@ @@ -74938,7 +74939,7 @@ index 30e751f18..61feb3a81 100644 admin_pattern($1, plymouthd_var_run_t) ') diff --git a/plymouthd.te b/plymouthd.te -index 3078ce905..39e5a88ee 100644 +index 3078ce9055..39e5a88ee4 100644 --- a/plymouthd.te +++ b/plymouthd.te @@ -15,7 +15,7 @@ type plymouthd_exec_t; @@ -75065,7 +75066,7 @@ index 3078ce905..39e5a88ee 100644 hal_dontaudit_write_log(plymouth_t) hal_dontaudit_rw_pipes(plymouth_t) diff --git a/podsleuth.te b/podsleuth.te -index 9123f7152..232e28a75 100644 +index 9123f71529..232e28a758 100644 --- a/podsleuth.te +++ b/podsleuth.te @@ -28,8 +28,9 @@ userdom_user_tmpfs_file(podsleuth_tmpfs_t) @@ -75104,7 +75105,7 @@ index 9123f7152..232e28a75 100644 optional_policy(` dbus_system_bus_client(podsleuth_t) diff --git a/policykit.fc b/policykit.fc -index 1d76c7288..93d09d92f 100644 +index 1d76c7288a..93d09d92fa 100644 --- a/policykit.fc +++ b/policykit.fc @@ -1,23 +1,22 @@ @@ -75149,7 +75150,7 @@ index 1d76c7288..93d09d92f 100644 -/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0) diff --git a/policykit.if b/policykit.if -index 032a84d1c..be00a65f1 100644 +index 032a84d1c4..be00a65f17 100644 --- a/policykit.if +++ b/policykit.if @@ -17,6 +17,8 @@ interface(`policykit_dbus_chat',` @@ -75389,7 +75390,7 @@ index 032a84d1c..be00a65f1 100644 + allow $1 policykit_auth_t:process signal; ') diff --git a/policykit.te b/policykit.te -index ee91778f7..5e92592f0 100644 +index ee91778f72..5e92592f0b 100644 --- a/policykit.te +++ b/policykit.te @@ -7,9 +7,6 @@ policy_module(policykit, 1.3.0) @@ -75725,7 +75726,7 @@ index ee91778f7..5e92592f0 100644 ') - diff --git a/polipo.fc b/polipo.fc -index d35614b78..11f77ee32 100644 +index d35614b78a..11f77ee326 100644 --- a/polipo.fc +++ b/polipo.fc @@ -1,15 +1,16 @@ @@ -75749,7 +75750,7 @@ index d35614b78..11f77ee32 100644 -/var/run/polipo(/.*)? gen_context(system_u:object_r:polipo_var_run_t,s0) +/var/run/polipo(/.*)? gen_context(system_u:object_r:polipo_pid_t,s0) diff --git a/polipo.if b/polipo.if -index ae27bb7fe..10a778780 100644 +index ae27bb7fec..10a778780c 100644 --- a/polipo.if +++ b/polipo.if @@ -1,8 +1,8 @@ @@ -75998,7 +75999,7 @@ index ae27bb7fe..10a778780 100644 + allow $1 polipo_unit_file_t:service all_service_perms; ') diff --git a/polipo.te b/polipo.te -index 9764bfef8..8870de713 100644 +index 9764bfef85..8870de7133 100644 --- a/polipo.te +++ b/polipo.te @@ -7,19 +7,27 @@ policy_module(polipo, 1.1.1) @@ -76242,7 +76243,7 @@ index 9764bfef8..8870de713 100644 -miscfiles_read_localization(polipo_daemon) diff --git a/portage.if b/portage.if -index 67e8c12c4..058c99481 100644 +index 67e8c12c49..058c994812 100644 --- a/portage.if +++ b/portage.if @@ -67,9 +67,10 @@ interface(`portage_compile_domain',` @@ -76258,7 +76259,7 @@ index 67e8c12c4..058c99481 100644 allow $1 self:process { setpgid setsched setrlimit signal_perms execmem setfscreate }; allow $1 self:process ~{ ptrace setcurrent setexec setrlimit execmem execstack execheap }; diff --git a/portage.te b/portage.te -index b410c67c1..f1ec41d39 100644 +index b410c67c19..f1ec41d393 100644 --- a/portage.te +++ b/portage.te @@ -108,7 +108,6 @@ domain_use_interactive_fds(gcc_config_t) @@ -76287,7 +76288,7 @@ index b410c67c1..f1ec41d39 100644 fs_search_auto_mountpoints(portage_fetch_t) diff --git a/portmap.fc b/portmap.fc -index cd45831ca..69406ee17 100644 +index cd45831ca8..69406ee171 100644 --- a/portmap.fc +++ b/portmap.fc @@ -4,9 +4,14 @@ @@ -76306,7 +76307,7 @@ index cd45831ca..69406ee17 100644 /var/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0) /var/run/portmap_mapping -- gen_context(system_u:object_r:portmap_var_run_t,s0) diff --git a/portmap.te b/portmap.te -index 18b255e7a..e75c4ec24 100644 +index 18b255e7a4..e75c4ec240 100644 --- a/portmap.te +++ b/portmap.te @@ -45,7 +45,6 @@ files_pid_filetrans(portmap_t, portmap_var_run_t, file) @@ -76348,7 +76349,7 @@ index 18b255e7a..e75c4ec24 100644 +userdom_use_inherited_user_terminals(portmap_helper_t) userdom_dontaudit_use_all_users_fds(portmap_helper_t) diff --git a/portreserve.fc b/portreserve.fc -index 1b2b4f908..575b7d69b 100644 +index 1b2b4f908f..575b7d69bf 100644 --- a/portreserve.fc +++ b/portreserve.fc @@ -1,6 +1,6 @@ @@ -76360,7 +76361,7 @@ index 1b2b4f908..575b7d69b 100644 /sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0) diff --git a/portreserve.if b/portreserve.if -index 5ad529154..7f1ae2a78 100644 +index 5ad5291544..7f1ae2a784 100644 --- a/portreserve.if +++ b/portreserve.if @@ -105,8 +105,11 @@ interface(`portreserve_admin',` @@ -76377,7 +76378,7 @@ index 5ad529154..7f1ae2a78 100644 portreserve_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/portreserve.te b/portreserve.te -index 00b01e2ea..10b45127a 100644 +index 00b01e2ea2..10b45127a5 100644 --- a/portreserve.te +++ b/portreserve.te @@ -41,7 +41,6 @@ files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file dir } @@ -76399,7 +76400,7 @@ index 00b01e2ea..10b45127a 100644 +auth_use_nsswitch(portreserve_t) + diff --git a/portslave.te b/portslave.te -index cbe36c1d0..8ebeb87d2 100644 +index cbe36c1d0b..8ebeb87d25 100644 --- a/portslave.te +++ b/portslave.te @@ -48,7 +48,6 @@ kernel_read_kernel_sysctls(portslave_t) @@ -76420,7 +76421,7 @@ index cbe36c1d0..8ebeb87d2 100644 auth_domtrans_chk_passwd(portslave_t) diff --git a/postfix.fc b/postfix.fc -index c0e878537..3070aa066 100644 +index c0e878537c..3070aa0669 100644 --- a/postfix.fc +++ b/postfix.fc @@ -1,38 +1,38 @@ @@ -76513,7 +76514,7 @@ index c0e878537..3070aa066 100644 +/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0) +/var/spool/postfix/flush(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0) diff --git a/postfix.if b/postfix.if -index ded95ec3a..137ae2d3d 100644 +index ded95ec3a4..137ae2d3d2 100644 --- a/postfix.if +++ b/postfix.if @@ -1,4 +1,4 @@ @@ -77400,7 +77401,7 @@ index ded95ec3a..137ae2d3d 100644 + postfix_config_filetrans($1, postfix_prng_t, file, "prng_exch") ') diff --git a/postfix.te b/postfix.te -index 5cfb83eca..921fcfe70 100644 +index 5cfb83eca2..921fcfe701 100644 --- a/postfix.te +++ b/postfix.te @@ -6,27 +6,23 @@ policy_module(postfix, 1.15.1) @@ -78384,7 +78385,7 @@ index 5cfb83eca..921fcfe70 100644 + udev_read_db(postfix_domain) +') diff --git a/postfixpolicyd.if b/postfixpolicyd.if -index 5de817368..985b877ab 100644 +index 5de817368f..985b877ab9 100644 --- a/postfixpolicyd.if +++ b/postfixpolicyd.if @@ -23,8 +23,11 @@ interface(`postfixpolicyd_admin',` @@ -78401,7 +78402,7 @@ index 5de817368..985b877ab 100644 init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/postfixpolicyd.te b/postfixpolicyd.te -index ea1582a3a..0c1a05983 100644 +index ea1582a3a9..0c1a05983c 100644 --- a/postfixpolicyd.te +++ b/postfixpolicyd.te @@ -34,7 +34,6 @@ allow postfix_policyd_t postfix_policyd_conf_t:lnk_file read_lnk_file_perms; @@ -78425,7 +78426,7 @@ index ea1582a3a..0c1a05983 100644 - sysnet_dns_name_resolve(postfix_policyd_t) diff --git a/postgrey.if b/postgrey.if -index b9e71b537..a7502cd0e 100644 +index b9e71b5373..a7502cd0e7 100644 --- a/postgrey.if +++ b/postgrey.if @@ -16,9 +16,9 @@ interface(`postgrey_stream_connect',` @@ -78462,7 +78463,7 @@ index b9e71b537..a7502cd0e 100644 domain_system_change_exemption($1) role_transition $2 postgrey_initrc_exec_t system_r; diff --git a/postgrey.te b/postgrey.te -index fd58805e5..fbb01fc23 100644 +index fd58805e54..fbb01fc232 100644 --- a/postgrey.te +++ b/postgrey.te @@ -16,7 +16,7 @@ type postgrey_initrc_exec_t; @@ -78525,7 +78526,7 @@ index fd58805e5..fbb01fc23 100644 sysnet_read_config(postgrey_t) diff --git a/ppp.fc b/ppp.fc -index efcb6532d..ff2c96adb 100644 +index efcb6532d3..ff2c96adb5 100644 --- a/ppp.fc +++ b/ppp.fc @@ -1,30 +1,45 @@ @@ -78597,7 +78598,7 @@ index efcb6532d..ff2c96adb 100644 +/var/log/ppp-connect-errors.* -- gen_context(system_u:object_r:pppd_log_t,s0) +/var/log/ppp(/.*)? gen_context(system_u:object_r:pppd_log_t,s0) diff --git a/ppp.if b/ppp.if -index cd8b8b9cb..ad8424ba3 100644 +index cd8b8b9cbd..ad8424ba33 100644 --- a/ppp.if +++ b/ppp.if @@ -1,110 +1,91 @@ @@ -79107,7 +79108,7 @@ index cd8b8b9cb..ad8424ba3 100644 + allow $1 pppd_unit_file_t:service all_service_perms; ') diff --git a/ppp.te b/ppp.te -index d616ca3e3..7910fb889 100644 +index d616ca3e38..7910fb8895 100644 --- a/ppp.te +++ b/ppp.te @@ -6,41 +6,47 @@ policy_module(ppp, 1.14.0) @@ -79460,7 +79461,7 @@ index d616ca3e3..7910fb889 100644 dbus_system_domain(pppd_t, pppd_exec_t) diff --git a/prelink.fc b/prelink.fc -index a90d6231f..62af9a4a0 100644 +index a90d6231f5..62af9a4a03 100644 --- a/prelink.fc +++ b/prelink.fc @@ -1,11 +1,11 @@ @@ -79481,7 +79482,7 @@ index a90d6231f..62af9a4a0 100644 +/var/lib/misc/prelink.* -- gen_context(system_u:object_r:prelink_var_lib_t,s0) +/var/lib/prelink(/.*)? gen_context(system_u:object_r:prelink_var_lib_t,s0) diff --git a/prelink.if b/prelink.if -index 20d469793..e6605c100 100644 +index 20d469793f..e6605c1008 100644 --- a/prelink.if +++ b/prelink.if @@ -2,7 +2,7 @@ @@ -79622,7 +79623,7 @@ index 20d469793..e6605c100 100644 + files_etc_filetrans($1, prelink_cache_t, file, "prelink.cache") +') diff --git a/prelink.te b/prelink.te -index 8e262163b..6facb3465 100644 +index 8e262163b3..6facb34654 100644 --- a/prelink.te +++ b/prelink.te @@ -6,13 +6,10 @@ policy_module(prelink, 1.11.0) @@ -79837,7 +79838,7 @@ index 8e262163b..6facb3465 100644 + ') +') diff --git a/prelude.fc b/prelude.fc -index 8dbc76372..b580f852b 100644 +index 8dbc763724..b580f852b4 100644 --- a/prelude.fc +++ b/prelude.fc @@ -12,7 +12,7 @@ @@ -79850,7 +79851,7 @@ index 8dbc76372..b580f852b 100644 /var/lib/prelude-lml(/.*)? gen_context(system_u:object_r:prelude_var_lib_t,s0) diff --git a/prelude.if b/prelude.if -index c83a838d7..f41a4f7dd 100644 +index c83a838d76..f41a4f7dd9 100644 --- a/prelude.if +++ b/prelude.if @@ -1,13 +1,13 @@ @@ -80011,7 +80012,7 @@ index c83a838d7..f41a4f7dd 100644 admin_pattern($1, prelude_lml_tmp_t) ') diff --git a/prelude.te b/prelude.te -index 8f4460928..dd7065356 100644 +index 8f44609286..dd70653563 100644 --- a/prelude.te +++ b/prelude.te @@ -13,7 +13,7 @@ type prelude_initrc_exec_t; @@ -80183,7 +80184,7 @@ index 8f4460928..dd7065356 100644 ') ') diff --git a/privoxy.if b/privoxy.if -index bdcee30f5..34f314344 100644 +index bdcee30f54..34f3143441 100644 --- a/privoxy.if +++ b/privoxy.if @@ -23,8 +23,11 @@ interface(`privoxy_admin',` @@ -80200,7 +80201,7 @@ index bdcee30f5..34f314344 100644 init_labeled_script_domtrans($1, privoxy_initrc_exec_t) domain_system_change_exemption($1) diff --git a/privoxy.te b/privoxy.te -index ec21f80d7..a9f650a1f 100644 +index ec21f80d77..a9f650a1f3 100644 --- a/privoxy.te +++ b/privoxy.te @@ -85,6 +85,7 @@ corenet_sendrecv_tor_client_packets(privoxy_t) @@ -80221,7 +80222,7 @@ index ec21f80d7..a9f650a1f 100644 userdom_dontaudit_search_user_home_dirs(privoxy_t) diff --git a/procmail.fc b/procmail.fc -index bdff6c931..4b36a13de 100644 +index bdff6c931f..4b36a13de3 100644 --- a/procmail.fc +++ b/procmail.fc @@ -1,6 +1,7 @@ @@ -80236,7 +80237,7 @@ index bdff6c931..4b36a13de 100644 +/var/log/procmail\.log.* -- gen_context(system_u:object_r:procmail_log_t,s0) +/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0) diff --git a/procmail.if b/procmail.if -index 00edeab17..cb6c0edbf 100644 +index 00edeab17d..cb6c0edbfd 100644 --- a/procmail.if +++ b/procmail.if @@ -1,4 +1,4 @@ @@ -80405,7 +80406,7 @@ index 00edeab17..cb6c0edbf 100644 + read_files_pattern($1, procmail_home_t, procmail_home_t) ') diff --git a/procmail.te b/procmail.te -index cc426e62a..91a1f537e 100644 +index cc426e62ad..91a1f537eb 100644 --- a/procmail.te +++ b/procmail.te @@ -14,7 +14,7 @@ type procmail_home_t; @@ -80604,7 +80605,7 @@ index cc426e62a..91a1f537e 100644 +') diff --git a/prosody.fc b/prosody.fc new file mode 100644 -index 000000000..c056a2fb3 +index 0000000000..c056a2fb33 --- /dev/null +++ b/prosody.fc @@ -0,0 +1,10 @@ @@ -80620,7 +80621,7 @@ index 000000000..c056a2fb3 +/var/log/prosody(/.*)? gen_context(system_u:object_r:prosody_log_t,s0) diff --git a/prosody.if b/prosody.if new file mode 100644 -index 000000000..8231f4ff5 +index 0000000000..8231f4ff5e --- /dev/null +++ b/prosody.if @@ -0,0 +1,255 @@ @@ -80881,7 +80882,7 @@ index 000000000..8231f4ff5 +') diff --git a/prosody.te b/prosody.te new file mode 100644 -index 000000000..5a9f1d42c +index 0000000000..5a9f1d42cd --- /dev/null +++ b/prosody.te @@ -0,0 +1,99 @@ @@ -80985,7 +80986,7 @@ index 000000000..5a9f1d42c + sasl_connect(prosody_t) +') diff --git a/psad.if b/psad.if -index d4dcf782c..3cce82e50 100644 +index d4dcf782ce..3cce82e500 100644 --- a/psad.if +++ b/psad.if @@ -93,9 +93,8 @@ interface(`psad_manage_config',` @@ -81144,7 +81145,7 @@ index d4dcf782c..3cce82e50 100644 admin_pattern($1, psad_tmp_t) ') diff --git a/psad.te b/psad.te -index b5d717b09..e716d9d2c 100644 +index b5d717b091..e716d9d2c5 100644 --- a/psad.te +++ b/psad.te @@ -32,7 +32,7 @@ files_tmp_file(psad_tmp_t) @@ -81185,7 +81186,7 @@ index b5d717b09..e716d9d2c 100644 optional_policy(` diff --git a/ptchown.te b/ptchown.te -index 28d2abc03..c2cfb5eaa 100644 +index 28d2abc03b..c2cfb5eaab 100644 --- a/ptchown.te +++ b/ptchown.te @@ -21,7 +21,6 @@ role ptchown_roles types ptchown_t; @@ -81203,7 +81204,7 @@ index 28d2abc03..c2cfb5eaa 100644 -miscfiles_read_localization(ptchown_t) +auth_read_passwd(ptchown_t) diff --git a/publicfile.te b/publicfile.te -index 3246befff..dd66a21cb 100644 +index 3246befff7..dd66a21cbb 100644 --- a/publicfile.te +++ b/publicfile.te @@ -17,7 +17,7 @@ files_type(publicfile_content_t) @@ -81216,7 +81217,7 @@ index 3246befff..dd66a21cb 100644 allow publicfile_t publicfile_content_t:dir list_dir_perms; allow publicfile_t publicfile_content_t:file read_file_perms; diff --git a/pulseaudio.fc b/pulseaudio.fc -index 6864479a7..0e7d87513 100644 +index 6864479a79..0e7d875135 100644 --- a/pulseaudio.fc +++ b/pulseaudio.fc @@ -1,9 +1,14 @@ @@ -81239,7 +81240,7 @@ index 6864479a7..0e7d87513 100644 +/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0) +/var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0) diff --git a/pulseaudio.if b/pulseaudio.if -index 45843b55c..4d1adace5 100644 +index 45843b55c2..4d1adace56 100644 --- a/pulseaudio.if +++ b/pulseaudio.if @@ -2,43 +2,47 @@ @@ -81641,7 +81642,7 @@ index 45843b55c..4d1adace5 100644 + ps_process_pattern($1, pulseaudio_t) ') diff --git a/pulseaudio.te b/pulseaudio.te -index 6643b49c2..6c374240b 100644 +index 6643b49c2a..6c374240b0 100644 --- a/pulseaudio.te +++ b/pulseaudio.te @@ -8,61 +8,51 @@ policy_module(pulseaudio, 1.6.0) @@ -81945,7 +81946,7 @@ index 6643b49c2..6c374240b 100644 optional_policy(` diff --git a/puppet.fc b/puppet.fc -index d68e26d1f..3b08cfd9d 100644 +index d68e26d1fe..3b08cfd9d8 100644 --- a/puppet.fc +++ b/puppet.fc @@ -1,18 +1,23 @@ @@ -81986,7 +81987,7 @@ index d68e26d1f..3b08cfd9d 100644 +/var/log/puppet(/.*)? gen_context(system_u:object_r:puppet_log_t,s0) +/var/run/puppet(/.*)? gen_context(system_u:object_r:puppet_var_run_t,s0) diff --git a/puppet.if b/puppet.if -index 7cb8b1f9c..173bc5b0e 100644 +index 7cb8b1f9c9..173bc5b0e5 100644 --- a/puppet.if +++ b/puppet.if @@ -1,4 +1,52 @@ @@ -82389,7 +82390,7 @@ index 7cb8b1f9c..173bc5b0e 100644 + allow $1 puppet_var_run_t:dir search_dir_perms; ') diff --git a/puppet.te b/puppet.te -index 618dcfeed..6bd7543ae 100644 +index 618dcfeedb..6bd7543ae9 100644 --- a/puppet.te +++ b/puppet.te @@ -6,25 +6,32 @@ policy_module(puppet, 1.4.0) @@ -82910,7 +82911,7 @@ index 618dcfeed..6bd7543ae 100644 + usermanage_access_check_useradd(puppetmaster_t) +') diff --git a/pwauth.fc b/pwauth.fc -index 7e7b44434..e2f8687db 100644 +index 7e7b44434e..e2f8687dbd 100644 --- a/pwauth.fc +++ b/pwauth.fc @@ -1,3 +1,3 @@ @@ -82920,7 +82921,7 @@ index 7e7b44434..e2f8687db 100644 -/var/run/pwauth\.lock -- gen_context(system_u:object_r:pwauth_var_run_t,s0) +/var/run/pwauth.lock -- gen_context(system_u:object_r:pwauth_var_run_t,s0) diff --git a/pwauth.if b/pwauth.if -index 1148dce1a..86d25ea26 100644 +index 1148dce1ae..86d25ea260 100644 --- a/pwauth.if +++ b/pwauth.if @@ -1,72 +1,74 @@ @@ -83032,7 +83033,7 @@ index 1148dce1a..86d25ea26 100644 + allow $2 pwauth_t:process signal; ') diff --git a/pwauth.te b/pwauth.te -index 3078e349e..215df880c 100644 +index 3078e349e4..215df880c5 100644 --- a/pwauth.te +++ b/pwauth.te @@ -5,26 +5,23 @@ policy_module(pwauth, 1.0.0) @@ -83080,7 +83081,7 @@ index 3078e349e..215df880c 100644 - -miscfiles_read_localization(pwauth_t) diff --git a/pxe.te b/pxe.te -index 06bec9ba9..1b32632dc 100644 +index 06bec9ba91..1b32632dcc 100644 --- a/pxe.te +++ b/pxe.te @@ -50,15 +50,12 @@ dev_read_sysfs(pxe_t) @@ -83101,7 +83102,7 @@ index 06bec9ba9..1b32632dc 100644 diff --git a/pyicqt.fc b/pyicqt.fc deleted file mode 100644 -index 0c143e3e8..000000000 +index 0c143e3e87..0000000000 --- a/pyicqt.fc +++ /dev/null @@ -1,11 +0,0 @@ @@ -83118,7 +83119,7 @@ index 0c143e3e8..000000000 -/var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_spool_t,s0) diff --git a/pyicqt.if b/pyicqt.if deleted file mode 100644 -index 0ccea828a..000000000 +index 0ccea828aa..0000000000 --- a/pyicqt.if +++ /dev/null @@ -1,45 +0,0 @@ @@ -83169,7 +83170,7 @@ index 0ccea828a..000000000 -') diff --git a/pyicqt.te b/pyicqt.te deleted file mode 100644 -index f2863ded4..000000000 +index f2863ded4a..0000000000 --- a/pyicqt.te +++ /dev/null @@ -1,92 +0,0 @@ @@ -83266,7 +83267,7 @@ index f2863ded4..000000000 - seutil_sigchld_newrole(pyicqt_t) -') diff --git a/pyzor.fc b/pyzor.fc -index af13139a1..a927c5a15 100644 +index af13139a14..a927c5a156 100644 --- a/pyzor.fc +++ b/pyzor.fc @@ -1,12 +1,13 @@ @@ -83291,7 +83292,7 @@ index af13139a1..a927c5a15 100644 +/var/lib/pyzord(/.*)? gen_context(system_u:object_r:pyzor_var_lib_t,s0) /var/log/pyzord\.log.* -- gen_context(system_u:object_r:pyzord_log_t,s0) diff --git a/pyzor.if b/pyzor.if -index 593c03d09..2c411af3e 100644 +index 593c03d098..2c411af3ee 100644 --- a/pyzor.if +++ b/pyzor.if @@ -2,7 +2,7 @@ @@ -83421,7 +83422,7 @@ index 593c03d09..2c411af3e 100644 + admin_pattern($1, pyzor_var_lib_t) ') diff --git a/pyzor.te b/pyzor.te -index 2439d1304..d7bd6e9a1 100644 +index 2439d1304e..d7bd6e9a10 100644 --- a/pyzor.te +++ b/pyzor.te @@ -5,57 +5,78 @@ policy_module(pyzor, 2.3.0) @@ -83661,7 +83662,7 @@ index 2439d1304..d7bd6e9a1 100644 + logging_send_syslog_msg(pyzord_t) +') diff --git a/qemu.fc b/qemu.fc -index 86ea53ce1..a2dcf7bb2 100644 +index 86ea53ce18..a2dcf7bb2f 100644 --- a/qemu.fc +++ b/qemu.fc @@ -1,4 +1,4 @@ @@ -83671,7 +83672,7 @@ index 86ea53ce1..a2dcf7bb2 100644 /usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) /usr/bin/kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) diff --git a/qemu.if b/qemu.if -index eaf56b8b0..889472688 100644 +index eaf56b8b02..8894726888 100644 --- a/qemu.if +++ b/qemu.if @@ -1,19 +1,21 @@ @@ -84072,7 +84073,7 @@ index eaf56b8b0..889472688 100644 + allow $1 qemu_exec_t:file getattr; ') diff --git a/qemu.te b/qemu.te -index 4f9074343..958c0ef1e 100644 +index 4f90743435..958c0ef1e1 100644 --- a/qemu.te +++ b/qemu.te @@ -6,28 +6,58 @@ policy_module(qemu, 1.8.0) @@ -84214,7 +84215,7 @@ index 4f9074343..958c0ef1e 100644 + xserver_stream_connect(qemu_t) ') diff --git a/qmail.fc b/qmail.fc -index e53fe5a97..edee505d7 100644 +index e53fe5a975..edee505d72 100644 --- a/qmail.fc +++ b/qmail.fc @@ -1,22 +1,6 @@ @@ -84285,7 +84286,7 @@ index e53fe5a97..edee505d7 100644 -/var/spool/qmail(/.*)? gen_context(system_u:object_r:qmail_spool_t,s0) diff --git a/qmail.if b/qmail.if -index e4f0000e5..05e219e13 100644 +index e4f0000e5e..05e219e13d 100644 --- a/qmail.if +++ b/qmail.if @@ -1,12 +1,12 @@ @@ -84484,7 +84485,7 @@ index e4f0000e5..05e219e13 100644 + allow $1 qmail_spool_t:fifo_file rw_fifo_file_perms; +') diff --git a/qmail.te b/qmail.te -index 87429441c..53a2fe597 100644 +index 87429441ca..53a2fe597d 100644 --- a/qmail.te +++ b/qmail.te @@ -5,7 +5,7 @@ policy_module(qmail, 1.6.1) @@ -84757,7 +84758,7 @@ index 87429441c..53a2fe597 100644 allow qmail_tcp_env_t qmail_smtpd_exec_t:file read_file_perms; diff --git a/qpid.if b/qpid.if -index fe2adf8ae..f7e9c70b0 100644 +index fe2adf8ae7..f7e9c70b02 100644 --- a/qpid.if +++ b/qpid.if @@ -1,4 +1,4 @@ @@ -85041,7 +85042,7 @@ index fe2adf8ae..f7e9c70b0 100644 + admin_pattern($1, qpidd_var_run_t) ') diff --git a/qpid.te b/qpid.te -index 83eb09ef6..a5e7068f6 100644 +index 83eb09ef63..a5e7068f6a 100644 --- a/qpid.te +++ b/qpid.te @@ -12,6 +12,9 @@ init_daemon_domain(qpidd_t, qpidd_exec_t) @@ -85125,7 +85126,7 @@ index 83eb09ef6..a5e7068f6 100644 +') + diff --git a/quantum.fc b/quantum.fc -index 70ab68b02..b985b6570 100644 +index 70ab68b02f..b985b65703 100644 --- a/quantum.fc +++ b/quantum.fc @@ -1,10 +1,34 @@ @@ -85171,7 +85172,7 @@ index 70ab68b02..b985b6570 100644 +/var/run/neutron(/.*)? gen_context(system_u:object_r:neutron_var_run_t,s0) +/var/run/quantum(/.*)? gen_context(system_u:object_r:neutron_var_run_t,s0) diff --git a/quantum.if b/quantum.if -index afc00688d..e974fad4b 100644 +index afc00688df..e974fad4b5 100644 --- a/quantum.if +++ b/quantum.if @@ -2,41 +2,314 @@ @@ -85507,7 +85508,7 @@ index afc00688d..e974fad4b 100644 + ') ') diff --git a/quantum.te b/quantum.te -index 8644d8b3f..6c415e8b9 100644 +index 8644d8b3fb..6c415e8b98 100644 --- a/quantum.te +++ b/quantum.te @@ -5,92 +5,185 @@ policy_module(quantum, 1.1.0) @@ -85759,7 +85760,7 @@ index 8644d8b3f..6c415e8b9 100644 + udev_domtrans(neutron_t) +') diff --git a/quota.fc b/quota.fc -index cadabe360..54ba01d0d 100644 +index cadabe3605..54ba01d0d4 100644 --- a/quota.fc +++ b/quota.fc @@ -1,6 +1,5 @@ @@ -85809,7 +85810,7 @@ index cadabe360..54ba01d0d 100644 -/var/spool/mail/a?quota\.(user|group) -- gen_context(system_u:object_r:quota_db_t,s0) +/var/run/quota_nld\.pid -- gen_context(system_u:object_r:quota_nld_var_run_t,s0) diff --git a/quota.if b/quota.if -index da6421861..3fb8575ca 100644 +index da6421861b..3fb8575ca8 100644 --- a/quota.if +++ b/quota.if @@ -1,4 +1,4 @@ @@ -86042,7 +86043,7 @@ index da6421861..3fb8575ca 100644 + domtrans_pattern($1, quota_nld_exec_t, quota_nld_t) ') diff --git a/quota.te b/quota.te -index f47c8e81f..0f0b0b43f 100644 +index f47c8e81fc..0f0b0b43f4 100644 --- a/quota.te +++ b/quota.te @@ -5,12 +5,10 @@ policy_module(quota, 1.6.0) @@ -86172,7 +86173,7 @@ index f47c8e81f..0f0b0b43f 100644 + dbus_connect_system_bus(quota_nld_t) ') diff --git a/rabbitmq.fc b/rabbitmq.fc -index c5ad6de76..af2d46f13 100644 +index c5ad6de765..af2d46f13d 100644 --- a/rabbitmq.fc +++ b/rabbitmq.fc @@ -1,10 +1,18 @@ @@ -86197,7 +86198,7 @@ index c5ad6de76..af2d46f13 100644 /var/run/rabbitmq(/.*)? gen_context(system_u:object_r:rabbitmq_var_run_t,s0) diff --git a/rabbitmq.if b/rabbitmq.if -index 2c3d33896..7d49554eb 100644 +index 2c3d338961..7d49554ebe 100644 --- a/rabbitmq.if +++ b/rabbitmq.if @@ -38,12 +38,12 @@ interface(`rabbitmq_domtrans',` @@ -86217,7 +86218,7 @@ index 2c3d33896..7d49554eb 100644 init_labeled_script_domtrans($1, rabbitmq_initrc_exec_t) domain_system_change_exemption($1) diff --git a/rabbitmq.te b/rabbitmq.te -index dc3b0ed87..f14522964 100644 +index dc3b0ed876..f14522964a 100644 --- a/rabbitmq.te +++ b/rabbitmq.te @@ -5,13 +5,14 @@ policy_module(rabbitmq, 1.0.2) @@ -86446,7 +86447,7 @@ index dc3b0ed87..f14522964 100644 - -miscfiles_read_localization(rabbitmq_epmd_t) diff --git a/radius.fc b/radius.fc -index d447e8548..76ed794ce 100644 +index d447e85488..76ed794ce2 100644 --- a/radius.fc +++ b/radius.fc @@ -9,7 +9,9 @@ @@ -86461,7 +86462,7 @@ index d447e8548..76ed794ce 100644 /var/log/freeradius(/.*)? gen_context(system_u:object_r:radiusd_log_t,s0) /var/log/radacct(/.*)? gen_context(system_u:object_r:radiusd_log_t,s0) diff --git a/radius.if b/radius.if -index 44605825c..4c66c2502 100644 +index 44605825c5..4c66c2502f 100644 --- a/radius.if +++ b/radius.if @@ -14,6 +14,30 @@ interface(`radius_use',` @@ -86523,7 +86524,7 @@ index 44605825c..4c66c2502 100644 + ') diff --git a/radius.te b/radius.te -index 403a4fed1..9de0a3d77 100644 +index 403a4fed12..9de0a3d776 100644 --- a/radius.te +++ b/radius.te @@ -5,6 +5,13 @@ policy_module(radius, 1.13.0) @@ -86683,7 +86684,7 @@ index 403a4fed1..9de0a3d77 100644 udev_read_db(radiusd_t) ') diff --git a/radvd.if b/radvd.if -index ac7058d1e..48739ac1b 100644 +index ac7058d1e8..48739ac1bf 100644 --- a/radvd.if +++ b/radvd.if @@ -1,5 +1,24 @@ @@ -86725,7 +86726,7 @@ index ac7058d1e..48739ac1b 100644 init_labeled_script_domtrans($1, radvd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/radvd.te b/radvd.te -index 6d162e4e6..889c0ed5f 100644 +index 6d162e4e64..889c0ed5f4 100644 --- a/radvd.te +++ b/radvd.te @@ -65,8 +65,6 @@ auth_use_nsswitch(radvd_t) @@ -86738,7 +86739,7 @@ index 6d162e4e6..889c0ed5f 100644 userdom_dontaudit_search_user_home_dirs(radvd_t) diff --git a/raid.fc b/raid.fc -index 5806046b1..2a4769ff4 100644 +index 5806046b13..2a4769ff4f 100644 --- a/raid.fc +++ b/raid.fc @@ -3,6 +3,12 @@ @@ -86766,7 +86767,7 @@ index 5806046b1..2a4769ff4 100644 + /var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0) diff --git a/raid.if b/raid.if -index 951db7f1b..00e699da4 100644 +index 951db7f1be..00e699da47 100644 --- a/raid.if +++ b/raid.if @@ -1,9 +1,8 @@ @@ -86982,7 +86983,7 @@ index 951db7f1b..00e699da4 100644 + files_etc_filetrans($1, mdadm_conf_t, file, "mdadm.conf.anacbak") ') diff --git a/raid.te b/raid.te -index c99753f2c..55294acec 100644 +index c99753f2c5..55294acec9 100644 --- a/raid.te +++ b/raid.te @@ -15,54 +15,104 @@ role mdadm_roles types mdadm_t; @@ -87169,7 +87170,7 @@ index c99753f2c..55294acec 100644 +') diff --git a/rasdaemon.fc b/rasdaemon.fc new file mode 100644 -index 000000000..8e31dd042 +index 0000000000..8e31dd0426 --- /dev/null +++ b/rasdaemon.fc @@ -0,0 +1,9 @@ @@ -87184,7 +87185,7 @@ index 000000000..8e31dd042 +/var/lib/rasdaemon(/.*)? gen_context(system_u:object_r:rasdaemon_var_lib_t,s0) diff --git a/rasdaemon.if b/rasdaemon.if new file mode 100644 -index 000000000..d57006d9c +index 0000000000..d57006d9cf --- /dev/null +++ b/rasdaemon.if @@ -0,0 +1,157 @@ @@ -87347,7 +87348,7 @@ index 000000000..d57006d9c +') diff --git a/rasdaemon.te b/rasdaemon.te new file mode 100644 -index 000000000..dcdca4448 +index 0000000000..dcdca44483 --- /dev/null +++ b/rasdaemon.te @@ -0,0 +1,51 @@ @@ -87403,7 +87404,7 @@ index 000000000..dcdca4448 +') + diff --git a/razor.fc b/razor.fc -index 6723f4d3b..6e2667392 100644 +index 6723f4d3bc..6e2667392d 100644 --- a/razor.fc +++ b/razor.fc @@ -1,9 +1,9 @@ @@ -87423,7 +87424,7 @@ index 6723f4d3b..6e2667392 100644 +#/var/lib/razor(/.*)? gen_context(system_u:object_r:razor_var_lib_t,s0) +#/var/log/razor-agent\.log.* -- gen_context(system_u:object_r:razor_log_t,s0) diff --git a/razor.if b/razor.if -index 1e4b523bf..fee3b7cd1 100644 +index 1e4b523bf7..fee3b7cd16 100644 --- a/razor.if +++ b/razor.if @@ -1,72 +1,147 @@ @@ -87651,7 +87652,7 @@ index 1e4b523bf..fee3b7cd1 100644 ## ## diff --git a/razor.te b/razor.te -index 68455f909..38f69685c 100644 +index 68455f9093..38f69685c2 100644 --- a/razor.te +++ b/razor.te @@ -5,135 +5,124 @@ policy_module(razor, 2.4.0) @@ -87907,7 +87908,7 @@ index 68455f909..38f69685c 100644 + ') ') diff --git a/rdisc.fc b/rdisc.fc -index e9765c0f2..ea21331d8 100644 +index e9765c0f22..ea21331d80 100644 --- a/rdisc.fc +++ b/rdisc.fc @@ -1,3 +1,3 @@ @@ -87916,7 +87917,7 @@ index e9765c0f2..ea21331d8 100644 /usr/sbin/rdisc -- gen_context(system_u:object_r:rdisc_exec_t,s0) diff --git a/rdisc.if b/rdisc.if -index 170ef52fb..28ccc4a75 100644 +index 170ef52fbe..28ccc4a75c 100644 --- a/rdisc.if +++ b/rdisc.if @@ -18,3 +18,58 @@ interface(`rdisc_exec',` @@ -87979,7 +87980,7 @@ index 170ef52fb..28ccc4a75 100644 + ') +') diff --git a/rdisc.te b/rdisc.te -index 9196c1dbb..b7759316f 100644 +index 9196c1dbb4..b7759316f7 100644 --- a/rdisc.te +++ b/rdisc.te @@ -9,6 +9,9 @@ type rdisc_t; @@ -88014,7 +88015,7 @@ index 9196c1dbb..b7759316f 100644 userdom_dontaudit_use_unpriv_user_fds(rdisc_t) diff --git a/readahead.fc b/readahead.fc -index f01b32fe2..46279e853 100644 +index f01b32fe20..46279e853b 100644 --- a/readahead.fc +++ b/readahead.fc @@ -1,7 +1,11 @@ @@ -88031,7 +88032,7 @@ index f01b32fe2..46279e853 100644 +/var/run/systemd/readahead(/.*)? gen_context(system_u:object_r:readahead_var_run_t,s0) /var/run/readahead.* gen_context(system_u:object_r:readahead_var_run_t,s0) diff --git a/readahead.if b/readahead.if -index 661bb88fd..06f69c4ad 100644 +index 661bb88fda..06f69c4ada 100644 --- a/readahead.if +++ b/readahead.if @@ -19,3 +19,27 @@ interface(`readahead_domtrans',` @@ -88063,7 +88064,7 @@ index 661bb88fd..06f69c4ad 100644 +') + diff --git a/readahead.te b/readahead.te -index c0b02c91c..f4705559c 100644 +index c0b02c91c1..f4705559c6 100644 --- a/readahead.te +++ b/readahead.te @@ -15,6 +15,7 @@ typealias readahead_var_lib_t alias readahead_etc_rw_t; @@ -88152,7 +88153,7 @@ index c0b02c91c..f4705559c 100644 userdom_dontaudit_search_user_home_dirs(readahead_t) diff --git a/realmd.fc b/realmd.fc -index 04babe3d5..3b92679bb 100644 +index 04babe3d5b..3b92679bbb 100644 --- a/realmd.fc +++ b/realmd.fc @@ -1 +1,5 @@ @@ -88163,7 +88164,7 @@ index 04babe3d5..3b92679bb 100644 + +/var/lib/ipa-client(/.*)? gen_context(system_u:object_r:realmd_var_lib_t,s0) diff --git a/realmd.if b/realmd.if -index bff31dfd2..1663054d9 100644 +index bff31dfd2a..1663054d93 100644 --- a/realmd.if +++ b/realmd.if @@ -1,8 +1,9 @@ @@ -88300,7 +88301,7 @@ index bff31dfd2..1663054d9 100644 + +') diff --git a/realmd.te b/realmd.te -index 5bc878b29..573620309 100644 +index 5bc878b29d..573620309b 100644 --- a/realmd.te +++ b/realmd.te @@ -7,46 +7,88 @@ policy_module(realmd, 1.1.0) @@ -88478,7 +88479,7 @@ index 5bc878b29..573620309 100644 + unconfined_domain_noaudit(realmd_consolehelper_t) ') diff --git a/redis.fc b/redis.fc -index e240ac99c..83edd1be2 100644 +index e240ac99cc..83edd1be24 100644 --- a/redis.fc +++ b/redis.fc @@ -1,9 +1,16 @@ @@ -88503,7 +88504,7 @@ index e240ac99c..83edd1be2 100644 + +/var/opt/rh/rh-redis32/redis(/.*)? -- gen_context(system_u:object_r:redis_exec_t,s0) diff --git a/redis.if b/redis.if -index 16c8ecbe3..4e021eca7 100644 +index 16c8ecbe3d..4e021eca71 100644 --- a/redis.if +++ b/redis.if @@ -1,9 +1,225 @@ @@ -88767,7 +88768,7 @@ index 16c8ecbe3..4e021eca7 100644 + ') ') diff --git a/redis.te b/redis.te -index 25cd4175f..bbf421ec3 100644 +index 25cd4175fe..bbf421ec39 100644 --- a/redis.te +++ b/redis.te @@ -5,6 +5,13 @@ policy_module(redis, 1.0.1) @@ -88871,14 +88872,14 @@ index 25cd4175f..bbf421ec3 100644 + ') +') diff --git a/remotelogin.fc b/remotelogin.fc -index 327baf059..d8691bd14 100644 +index 327baf059e..d8691bd142 100644 --- a/remotelogin.fc +++ b/remotelogin.fc @@ -1 +1,2 @@ + # Remote login currently has no file contexts. diff --git a/remotelogin.if b/remotelogin.if -index a9ce68e33..92520aa92 100644 +index a9ce68e339..92520aa921 100644 --- a/remotelogin.if +++ b/remotelogin.if @@ -1,4 +1,4 @@ @@ -88949,7 +88950,7 @@ index a9ce68e33..92520aa92 100644 + allow $1 remote_login_t:process signull; ') diff --git a/remotelogin.te b/remotelogin.te -index ae308717f..15a669cd4 100644 +index ae308717f5..15a669cd42 100644 --- a/remotelogin.te +++ b/remotelogin.te @@ -10,81 +10,89 @@ domain_interactive_fd(remote_login_t) @@ -89065,7 +89066,7 @@ index ae308717f..15a669cd4 100644 ') diff --git a/resmgr.te b/resmgr.te -index f6eb358ad..b6319191c 100644 +index f6eb358ad3..b6319191cf 100644 --- a/resmgr.te +++ b/resmgr.te @@ -23,7 +23,7 @@ files_pid_file(resmgrd_var_run_t) @@ -89095,7 +89096,7 @@ index f6eb358ad..b6319191c 100644 optional_policy(` diff --git a/rgmanager.fc b/rgmanager.fc -index 5421af0b6..91e69b869 100644 +index 5421af0b68..91e69b8690 100644 --- a/rgmanager.fc +++ b/rgmanager.fc @@ -1,12 +1,22 @@ @@ -89129,7 +89130,7 @@ index 5421af0b6..91e69b869 100644 +/var/run/heartbeat(/.*)? gen_context(system_u:object_r:rgmanager_var_run_t,s0) +/var/run/rgmanager\.pid -- gen_context(system_u:object_r:rgmanager_var_run_t,s0) diff --git a/rgmanager.if b/rgmanager.if -index 1c2f9aa12..a4133dc92 100644 +index 1c2f9aa127..a4133dc921 100644 --- a/rgmanager.if +++ b/rgmanager.if @@ -1,13 +1,13 @@ @@ -89321,7 +89322,7 @@ index 1c2f9aa12..a4133dc92 100644 + allow $1 rgmanager_var_lib_t:dir search_dir_perms; +') diff --git a/rgmanager.te b/rgmanager.te -index c8a1e16e4..f9d6fb341 100644 +index c8a1e16e45..f9d6fb3412 100644 --- a/rgmanager.te +++ b/rgmanager.te @@ -6,10 +6,9 @@ policy_module(rgmanager, 1.3.0) @@ -89540,7 +89541,7 @@ index c8a1e16e4..f9d6fb341 100644 xen_domtrans_xm(rgmanager_t) ') diff --git a/rhcs.fc b/rhcs.fc -index 47de2d681..c06395f39 100644 +index 47de2d6813..c06395f39b 100644 --- a/rhcs.fc +++ b/rhcs.fc @@ -1,31 +1,107 @@ @@ -89675,7 +89676,7 @@ index 47de2d681..c06395f39 100644 +/var/log/pacemaker\.log.* -- gen_context(system_u:object_r:cluster_var_log_t,s0) +/var/log/pcsd(/.*)? gen_context(system_u:object_r:cluster_var_log_t,s0) diff --git a/rhcs.if b/rhcs.if -index c8bdea28d..0f8b732c4 100644 +index c8bdea28d4..0f8b732c4c 100644 --- a/rhcs.if +++ b/rhcs.if @@ -1,19 +1,19 @@ @@ -90564,7 +90565,7 @@ index c8bdea28d..0f8b732c4 100644 + logging_log_named_filetrans($1, var_log_t, dir, "bundles") ') diff --git a/rhcs.te b/rhcs.te -index 6cf79c449..c029ccd71 100644 +index 6cf79c449b..c029ccd715 100644 --- a/rhcs.te +++ b/rhcs.te @@ -20,6 +20,35 @@ gen_tunable(fenced_can_network_connect, false) @@ -91173,7 +91174,7 @@ index 6cf79c449..c029ccd71 100644 ') diff --git a/rhev.fc b/rhev.fc new file mode 100644 -index 000000000..4b66adfdd +index 0000000000..4b66adfddf --- /dev/null +++ b/rhev.fc @@ -0,0 +1,13 @@ @@ -91192,7 +91193,7 @@ index 000000000..4b66adfdd +/var/log/ovirt-guest-agent(/.*)? gen_context(system_u:object_r:rhev_agentd_log_t,s0) diff --git a/rhev.if b/rhev.if new file mode 100644 -index 000000000..bf11e2563 +index 0000000000..bf11e25630 --- /dev/null +++ b/rhev.if @@ -0,0 +1,76 @@ @@ -91274,7 +91275,7 @@ index 000000000..bf11e2563 +') diff --git a/rhev.te b/rhev.te new file mode 100644 -index 000000000..8b7aa12d8 +index 0000000000..8b7aa12d8e --- /dev/null +++ b/rhev.te @@ -0,0 +1,128 @@ @@ -91407,7 +91408,7 @@ index 000000000..8b7aa12d8 + ') +') diff --git a/rhgb.if b/rhgb.if -index 1a134a72e..793a29f88 100644 +index 1a134a72ef..793a29f88c 100644 --- a/rhgb.if +++ b/rhgb.if @@ -1,4 +1,4 @@ @@ -91511,7 +91512,7 @@ index 1a134a72e..793a29f88 100644 allow $1 rhgb_tmpfs_t:file rw_file_perms; ') diff --git a/rhgb.te b/rhgb.te -index 3f32e4bb3..f97ea42f8 100644 +index 3f32e4bb36..f97ea42f88 100644 --- a/rhgb.te +++ b/rhgb.te @@ -43,7 +43,6 @@ kernel_read_system_state(rhgb_t) @@ -91544,7 +91545,7 @@ index 3f32e4bb3..f97ea42f8 100644 diff --git a/rhnsd.fc b/rhnsd.fc new file mode 100644 -index 000000000..860a91df8 +index 0000000000..860a91df85 --- /dev/null +++ b/rhnsd.fc @@ -0,0 +1,9 @@ @@ -91559,7 +91560,7 @@ index 000000000..860a91df8 +/etc/sysconfig/rhn(/.*)? gen_context(system_u:object_r:rhnsd_conf_t,s0) diff --git a/rhnsd.if b/rhnsd.if new file mode 100644 -index 000000000..a161c70f9 +index 0000000000..a161c70f9f --- /dev/null +++ b/rhnsd.if @@ -0,0 +1,120 @@ @@ -91685,7 +91686,7 @@ index 000000000..a161c70f9 +') diff --git a/rhnsd.te b/rhnsd.te new file mode 100644 -index 000000000..b947f092a +index 0000000000..b947f092ac --- /dev/null +++ b/rhnsd.te @@ -0,0 +1,48 @@ @@ -91738,7 +91739,7 @@ index 000000000..b947f092a + rpm_domtrans(rhnsd_t) +') diff --git a/rhsmcertd.fc b/rhsmcertd.fc -index 8c0280418..92b10f62a 100644 +index 8c02804181..92b10f62ab 100644 --- a/rhsmcertd.fc +++ b/rhsmcertd.fc @@ -1,7 +1,11 @@ @@ -91754,7 +91755,7 @@ index 8c0280418..92b10f62a 100644 /var/lock/subsys/rhsmcertd -- gen_context(system_u:object_r:rhsmcertd_lock_t,s0) diff --git a/rhsmcertd.if b/rhsmcertd.if -index 6dbc905b3..42e4306c8 100644 +index 6dbc905b33..42e4306c83 100644 --- a/rhsmcertd.if +++ b/rhsmcertd.if @@ -1,8 +1,8 @@ @@ -92032,7 +92033,7 @@ index 6dbc905b3..42e4306c8 100644 - admin_pattern($1, rhsmcertd_lock_t) ') diff --git a/rhsmcertd.te b/rhsmcertd.te -index d32e1a279..a5ff1186d 100644 +index d32e1a2796..a5ff1186dc 100644 --- a/rhsmcertd.te +++ b/rhsmcertd.te @@ -18,30 +18,43 @@ logging_log_file(rhsmcertd_log_t) @@ -92171,7 +92172,7 @@ index d32e1a279..a5ff1186d 100644 + rpm_read_log(rhsmcertd_t) ') diff --git a/ricci.if b/ricci.if -index 2ab3ed1d4..23d579cde 100644 +index 2ab3ed1d4c..23d579cde4 100644 --- a/ricci.if +++ b/ricci.if @@ -1,13 +1,13 @@ @@ -92404,7 +92405,7 @@ index 2ab3ed1d4..23d579cde 100644 role_transition $2 ricci_initrc_exec_t system_r; allow $2 system_r; diff --git a/ricci.te b/ricci.te -index 0ba2569a5..161850d41 100644 +index 0ba2569a5f..161850d419 100644 --- a/ricci.te +++ b/ricci.te @@ -115,7 +115,6 @@ kernel_read_system_state(ricci_t) @@ -92570,14 +92571,14 @@ index 0ba2569a5..161850d41 100644 ccs_stream_connect(ricci_modstorage_t) diff --git a/rkhunter.fc b/rkhunter.fc new file mode 100644 -index 000000000..645a9cc1a +index 0000000000..645a9cc1a5 --- /dev/null +++ b/rkhunter.fc @@ -0,0 +1 @@ +/var/lib/rkhunter(/.*)? gen_context(system_u:object_r:rkhunter_var_lib_t,s0) diff --git a/rkhunter.if b/rkhunter.if new file mode 100644 -index 000000000..0be4ceec0 +index 0000000000..0be4ceec01 --- /dev/null +++ b/rkhunter.if @@ -0,0 +1,39 @@ @@ -92622,7 +92623,7 @@ index 000000000..0be4ceec0 +') diff --git a/rkhunter.te b/rkhunter.te new file mode 100644 -index 000000000..630f92bf9 +index 0000000000..630f92bf9b --- /dev/null +++ b/rkhunter.te @@ -0,0 +1,4 @@ @@ -92631,7 +92632,7 @@ index 000000000..630f92bf9 +type rkhunter_var_lib_t; +files_type(rkhunter_var_lib_t) diff --git a/rlogin.fc b/rlogin.fc -index f11187720..e361ee9e2 100644 +index f111877209..e361ee9e2e 100644 --- a/rlogin.fc +++ b/rlogin.fc @@ -1,5 +1,7 @@ @@ -92645,7 +92646,7 @@ index f11187720..e361ee9e2 100644 /usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0) diff --git a/rlogin.if b/rlogin.if -index 050479dea..0e1b364fb 100644 +index 050479dea0..0e1b364fb4 100644 --- a/rlogin.if +++ b/rlogin.if @@ -29,7 +29,7 @@ interface(`rlogin_domtrans',` @@ -92658,7 +92659,7 @@ index 050479dea..0e1b364fb 100644 type rlogind_home_t; ') diff --git a/rlogin.te b/rlogin.te -index ee2794858..34d2ee96f 100644 +index ee27948589..34d2ee96f3 100644 --- a/rlogin.te +++ b/rlogin.te @@ -31,10 +31,12 @@ files_pid_file(rlogind_var_run_t) @@ -92750,7 +92751,7 @@ index ee2794858..34d2ee96f 100644 kerberos_use(rlogind_t) ') diff --git a/rngd.fc b/rngd.fc -index fa19aa8de..90eb481c1 100644 +index fa19aa8ded..90eb481c16 100644 --- a/rngd.fc +++ b/rngd.fc @@ -1,5 +1,7 @@ @@ -92762,7 +92763,7 @@ index fa19aa8de..90eb481c1 100644 /var/run/rngd\.pid -- gen_context(system_u:object_r:rngd_var_run_t,s0) diff --git a/rngd.if b/rngd.if -index 13f788fd5..10e203301 100644 +index 13f788fd57..10e2033015 100644 --- a/rngd.if +++ b/rngd.if @@ -1,5 +1,28 @@ @@ -92826,7 +92827,7 @@ index 13f788fd5..10e203301 100644 + allow $1 rngd_unit_file_t:service all_service_perms; ') diff --git a/rngd.te b/rngd.te -index a7b7717b7..6023a77e9 100644 +index a7b7717b7f..6023a77e9e 100644 --- a/rngd.te +++ b/rngd.te @@ -12,6 +12,9 @@ init_daemon_domain(rngd_t, rngd_exec_t) @@ -92855,7 +92856,7 @@ index a7b7717b7..6023a77e9 100644 +term_use_usb_ttys(rngd_t) diff --git a/rolekit.fc b/rolekit.fc new file mode 100644 -index 000000000..504b6e13e +index 0000000000..504b6e13e7 --- /dev/null +++ b/rolekit.fc @@ -0,0 +1,3 @@ @@ -92864,7 +92865,7 @@ index 000000000..504b6e13e +/usr/sbin/roled -- gen_context(system_u:object_r:rolekit_exec_t,s0) diff --git a/rolekit.if b/rolekit.if new file mode 100644 -index 000000000..b11fb8f6d +index 0000000000..b11fb8f6d9 --- /dev/null +++ b/rolekit.if @@ -0,0 +1,120 @@ @@ -92990,7 +92991,7 @@ index 000000000..b11fb8f6d +') diff --git a/rolekit.te b/rolekit.te new file mode 100644 -index 000000000..da944537b +index 0000000000..da944537bb --- /dev/null +++ b/rolekit.te @@ -0,0 +1,47 @@ @@ -93042,7 +93043,7 @@ index 000000000..da944537b + domain_named_filetrans(rolekit_t) +') diff --git a/roundup.if b/roundup.if -index 975bb6a45..ce4f5ead8 100644 +index 975bb6a457..ce4f5ead8d 100644 --- a/roundup.if +++ b/roundup.if @@ -23,8 +23,11 @@ interface(`roundup_admin',` @@ -93059,7 +93060,7 @@ index 975bb6a45..ce4f5ead8 100644 init_labeled_script_domtrans($1, roundup_initrc_exec_t) domain_system_change_exemption($1) diff --git a/roundup.te b/roundup.te -index ccb5991ed..189ac011c 100644 +index ccb5991ed5..189ac011c7 100644 --- a/roundup.te +++ b/roundup.te @@ -41,7 +41,6 @@ kernel_read_proc_symlinks(roundup_t) @@ -93088,7 +93089,7 @@ index ccb5991ed..189ac011c 100644 userdom_dontaudit_use_unpriv_user_fds(roundup_t) diff --git a/rpc.fc b/rpc.fc -index a6fb30cb3..38a2f0911 100644 +index a6fb30cb3a..38a2f09112 100644 --- a/rpc.fc +++ b/rpc.fc @@ -1,12 +1,23 @@ @@ -93137,7 +93138,7 @@ index a6fb30cb3..38a2f0911 100644 +/var/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0) + diff --git a/rpc.if b/rpc.if -index 0bf13c220..79a2a9c48 100644 +index 0bf13c2207..79a2a9c48a 100644 --- a/rpc.if +++ b/rpc.if @@ -1,4 +1,4 @@ @@ -93623,7 +93624,7 @@ index 0bf13c220..79a2a9c48 100644 + allow $1 gssd_t:process { noatsecure rlimitinh }; +') diff --git a/rpc.te b/rpc.te -index 2da9fca2f..bbd209940 100644 +index 2da9fca2f7..bbd2099408 100644 --- a/rpc.te +++ b/rpc.te @@ -6,22 +6,27 @@ policy_module(rpc, 1.15.1) @@ -93989,7 +93990,7 @@ index 2da9fca2f..bbd209940 100644 ') diff --git a/rpcbind.if b/rpcbind.if -index 3b5e9eed6..ff1163ff6 100644 +index 3b5e9eed60..ff1163ff60 100644 --- a/rpcbind.if +++ b/rpcbind.if @@ -1,4 +1,4 @@ @@ -94143,7 +94144,7 @@ index 3b5e9eed6..ff1163ff6 100644 + admin_pattern($1, rpcbind_var_run_t) ') diff --git a/rpcbind.te b/rpcbind.te -index 54de77ccd..a17c004c3 100644 +index 54de77ccd8..a17c004c33 100644 --- a/rpcbind.te +++ b/rpcbind.te @@ -12,6 +12,9 @@ init_daemon_domain(rpcbind_t, rpcbind_exec_t) @@ -94195,7 +94196,7 @@ index 54de77ccd..a17c004c3 100644 ifdef(`distro_debian',` term_dontaudit_use_unallocated_ttys(rpcbind_t) diff --git a/rpm.fc b/rpm.fc -index ebe91fc70..27beed27d 100644 +index ebe91fc70b..27beed27d7 100644 --- a/rpm.fc +++ b/rpm.fc @@ -1,61 +1,81 @@ @@ -94324,7 +94325,7 @@ index ebe91fc70..27beed27d 100644 +/sbin/cpio -- gen_context(system_u:object_r:rpm_exec_t,s0) ') diff --git a/rpm.if b/rpm.if -index ef3b22507..98dfc781a 100644 +index ef3b225073..98dfc781ae 100644 --- a/rpm.if +++ b/rpm.if @@ -1,8 +1,8 @@ @@ -94974,7 +94975,7 @@ index ef3b22507..98dfc781a 100644 admin_pattern($1, { rpm_tmp_t rpm_script_tmp_t }) diff --git a/rpm.te b/rpm.te -index 6fc360e60..4402cbe09 100644 +index 6fc360e602..4402cbe093 100644 --- a/rpm.te +++ b/rpm.te @@ -1,15 +1,13 @@ @@ -95485,7 +95486,7 @@ index 6fc360e60..4402cbe09 100644 + usermanage_run_useradd(rpm_script_t, rpm_script_roles) ') diff --git a/rshd.fc b/rshd.fc -index 9ad0d58dc..6a4db031f 100644 +index 9ad0d58dcf..6a4db031ff 100644 --- a/rshd.fc +++ b/rshd.fc @@ -1,3 +1,4 @@ @@ -95494,7 +95495,7 @@ index 9ad0d58dc..6a4db031f 100644 /usr/sbin/in\.rexecd -- gen_context(system_u:object_r:rshd_exec_t,s0) diff --git a/rshd.if b/rshd.if -index 7ad29c046..2e87d76b4 100644 +index 7ad29c0467..2e87d76b4e 100644 --- a/rshd.if +++ b/rshd.if @@ -2,7 +2,7 @@ @@ -95515,7 +95516,7 @@ index 7ad29c046..2e87d76b4 100644 domtrans_pattern($1, rshd_exec_t, rshd_t) ') diff --git a/rshd.te b/rshd.te -index 864e089a0..f919bc537 100644 +index 864e089a07..f919bc5373 100644 --- a/rshd.te +++ b/rshd.te @@ -4,11 +4,12 @@ policy_module(rshd, 1.8.1) @@ -95617,7 +95618,7 @@ index 864e089a0..f919bc537 100644 ') diff --git a/rssh.te b/rssh.te -index 5c5465feb..60059323f 100644 +index 5c5465feb7..60059323f4 100644 --- a/rssh.te +++ b/rssh.te @@ -60,18 +60,14 @@ manage_files_pattern(rssh_t, rssh_rw_t, rssh_rw_t) @@ -95646,7 +95647,7 @@ index 5c5465feb..60059323f 100644 - -miscfiles_read_localization(rssh_chroot_helper_t) diff --git a/rsync.fc b/rsync.fc -index d25301b85..f3eeec7b6 100644 +index d25301b85b..f3eeec7b6b 100644 --- a/rsync.fc +++ b/rsync.fc @@ -1,7 +1,8 @@ @@ -95661,7 +95662,7 @@ index d25301b85..f3eeec7b6 100644 /var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0) +/var/run/swift_server\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0) diff --git a/rsync.if b/rsync.if -index f1140efe4..642e062f4 100644 +index f1140efe48..642e062f41 100644 --- a/rsync.if +++ b/rsync.if @@ -1,16 +1,32 @@ @@ -95939,7 +95940,7 @@ index f1140efe4..642e062f4 100644 + files_pid_filetrans($1, rsync_var_run_t, file, "rsyncd.lock") ') diff --git a/rsync.te b/rsync.te -index abeb302a7..6836678c8 100644 +index abeb302a74..6836678c82 100644 --- a/rsync.te +++ b/rsync.te @@ -6,67 +6,45 @@ policy_module(rsync, 1.13.0) @@ -96186,7 +96187,7 @@ index abeb302a7..6836678c8 100644 ') diff --git a/rtas.fc b/rtas.fc new file mode 100644 -index 000000000..8d12521d2 +index 0000000000..8d12521d29 --- /dev/null +++ b/rtas.fc @@ -0,0 +1,14 @@ @@ -96206,7 +96207,7 @@ index 000000000..8d12521d2 + diff --git a/rtas.if b/rtas.if new file mode 100644 -index 000000000..92cc49d7f +index 0000000000..92cc49d7ff --- /dev/null +++ b/rtas.if @@ -0,0 +1,163 @@ @@ -96375,7 +96376,7 @@ index 000000000..92cc49d7f +') diff --git a/rtas.te b/rtas.te new file mode 100644 -index 000000000..9a5164c7e +index 0000000000..9a5164c7e1 --- /dev/null +++ b/rtas.te @@ -0,0 +1,95 @@ @@ -96475,7 +96476,7 @@ index 000000000..9a5164c7e + unconfined_domain(rtas_errd_t) +') diff --git a/rtkit.if b/rtkit.if -index e904ec472..e0dd20eeb 100644 +index e904ec472f..e0dd20eeb1 100644 --- a/rtkit.if +++ b/rtkit.if @@ -15,7 +15,6 @@ interface(`rtkit_daemon_domtrans',` @@ -96562,7 +96563,7 @@ index e904ec472..e0dd20eeb 100644 + ') ') diff --git a/rtkit.te b/rtkit.te -index 7eea21f3f..714064633 100644 +index 7eea21f3fa..7140646330 100644 --- a/rtkit.te +++ b/rtkit.te @@ -31,8 +31,6 @@ auth_use_nsswitch(rtkit_daemon_t) @@ -96575,7 +96576,7 @@ index 7eea21f3f..714064633 100644 dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t) diff --git a/rwho.if b/rwho.if -index 0360ff013..e6cb34f71 100644 +index 0360ff0139..e6cb34f717 100644 --- a/rwho.if +++ b/rwho.if @@ -139,8 +139,11 @@ interface(`rwho_admin',` @@ -96592,7 +96593,7 @@ index 0360ff013..e6cb34f71 100644 init_labeled_script_domtrans($1, rwho_initrc_exec_t) domain_system_change_exemption($1) diff --git a/rwho.te b/rwho.te -index 7fb75f457..eafd70620 100644 +index 7fb75f457b..eafd70620a 100644 --- a/rwho.te +++ b/rwho.te @@ -16,7 +16,7 @@ type rwho_log_t; @@ -96633,7 +96634,7 @@ index 7fb75f457..eafd70620 100644 +userdom_getattr_user_terminals(rwho_t) + diff --git a/samba.fc b/samba.fc -index b8b66ff4d..a93346efe 100644 +index b8b66ff4d0..a93346efee 100644 --- a/samba.fc +++ b/samba.fc @@ -1,42 +1,55 @@ @@ -96734,7 +96735,7 @@ index b8b66ff4d..a93346efe 100644 +/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0) +') diff --git a/samba.if b/samba.if -index 50d07fb2e..e4de70769 100644 +index 50d07fb2e5..e4de70769f 100644 --- a/samba.if +++ b/samba.if @@ -1,8 +1,12 @@ @@ -97598,7 +97599,7 @@ index 50d07fb2e..e4de70769 100644 + allow $1 samba_unit_file_t:service all_service_perms; ') diff --git a/samba.te b/samba.te -index 2b7c441e7..3bc2124af 100644 +index 2b7c441e70..3bc2124af6 100644 --- a/samba.te +++ b/samba.te @@ -6,99 +6,86 @@ policy_module(samba, 1.16.3) @@ -98965,7 +98966,7 @@ index 2b7c441e7..3bc2124af 100644 + can_exec(smbd_t, samba_unconfined_script_exec_t) ') diff --git a/sambagui.te b/sambagui.te -index e18b0a284..f497f5eb5 100644 +index e18b0a2844..f497f5eb5b 100644 --- a/sambagui.te +++ b/sambagui.te @@ -18,7 +18,7 @@ role sambagui_roles types sambagui_t; @@ -99004,7 +99005,7 @@ index e18b0a284..f497f5eb5 100644 samba_domtrans_nmbd(sambagui_t) ') diff --git a/samhain.if b/samhain.if -index f0236d67d..37665a1b6 100644 +index f0236d67d5..37665a1b68 100644 --- a/samhain.if +++ b/samhain.if @@ -23,6 +23,8 @@ template(`samhain_service_template',` @@ -99017,7 +99018,7 @@ index f0236d67d..37665a1b6 100644 ######################################## diff --git a/samhain.te b/samhain.te -index c41ce4bff..8837e4c41 100644 +index c41ce4bffc..8837e4c41a 100644 --- a/samhain.te +++ b/samhain.te @@ -88,8 +88,6 @@ auth_read_login_records(samhain_domain) @@ -99040,14 +99041,14 @@ index c41ce4bff..8837e4c41 100644 # diff --git a/sandbox.fc b/sandbox.fc new file mode 100644 -index 000000000..b7db25411 +index 0000000000..b7db25411d --- /dev/null +++ b/sandbox.fc @@ -0,0 +1 @@ +# Empty diff --git a/sandbox.if b/sandbox.if new file mode 100644 -index 000000000..1e7c447a0 +index 0000000000..1e7c447a07 --- /dev/null +++ b/sandbox.if @@ -0,0 +1,80 @@ @@ -99133,7 +99134,7 @@ index 000000000..1e7c447a0 +') diff --git a/sandbox.te b/sandbox.te new file mode 100644 -index 000000000..eb990f6a4 +index 0000000000..eb990f6a45 --- /dev/null +++ b/sandbox.te @@ -0,0 +1,64 @@ @@ -99203,7 +99204,7 @@ index 000000000..eb990f6a4 +mta_dontaudit_read_spool_symlinks(sandbox_domain) diff --git a/sandboxX.fc b/sandboxX.fc new file mode 100644 -index 000000000..6caef6326 +index 0000000000..6caef63264 --- /dev/null +++ b/sandboxX.fc @@ -0,0 +1,2 @@ @@ -99211,7 +99212,7 @@ index 000000000..6caef6326 +/usr/share/sandbox/start -- gen_context(system_u:object_r:sandbox_exec_t,s0) diff --git a/sandboxX.if b/sandboxX.if new file mode 100644 -index 000000000..885d79974 +index 0000000000..885d799743 --- /dev/null +++ b/sandboxX.if @@ -0,0 +1,397 @@ @@ -99614,7 +99615,7 @@ index 000000000..885d79974 +') diff --git a/sandboxX.te b/sandboxX.te new file mode 100644 -index 000000000..7d126f9fd +index 0000000000..7d126f9fd1 --- /dev/null +++ b/sandboxX.te @@ -0,0 +1,531 @@ @@ -100150,7 +100151,7 @@ index 000000000..7d126f9fd +userdom_dontaudit_open_user_ptys(sandbox_x_domain) + diff --git a/sanlock.fc b/sanlock.fc -index 3df2a0f14..7264d8ae1 100644 +index 3df2a0f14e..7264d8ae19 100644 --- a/sanlock.fc +++ b/sanlock.fc @@ -1,7 +1,18 @@ @@ -100176,7 +100177,7 @@ index 3df2a0f14..7264d8ae1 100644 -/var/log/sanlock\.log.* -- gen_context(system_u:object_r:sanlock_log_t,s0) +/usr/lib/systemd/system/sanlk-resetd\.service -- gen_context(system_u:object_r:sanlk_resetd_unit_file_t,s0) diff --git a/sanlock.if b/sanlock.if -index cd6c213d2..9becdddcc 100644 +index cd6c213d2c..9becdddccd 100644 --- a/sanlock.if +++ b/sanlock.if @@ -1,4 +1,6 @@ @@ -100427,7 +100428,7 @@ index cd6c213d2..9becdddcc 100644 + ps_process_pattern($1, sanlock_t) ') diff --git a/sanlock.te b/sanlock.te -index 0045465a0..f5f692136 100644 +index 0045465a0b..f5f6921368 100644 --- a/sanlock.te +++ b/sanlock.te @@ -6,25 +6,44 @@ policy_module(sanlock, 1.1.0) @@ -100626,7 +100627,7 @@ index 0045465a0..f5f692136 100644 + wdmd_stream_connect(sanlk_resetd_t) ') diff --git a/sasl.fc b/sasl.fc -index 54f41c2b7..7e5867968 100644 +index 54f41c2b75..7e58679685 100644 --- a/sasl.fc +++ b/sasl.fc @@ -1,7 +1,12 @@ @@ -100645,7 +100646,7 @@ index 54f41c2b7..7e5867968 100644 +/var/lib/sasl2(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0) /var/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0) diff --git a/sasl.if b/sasl.if -index 8c3c151cb..93b722789 100644 +index 8c3c151cbf..93b7227892 100644 --- a/sasl.if +++ b/sasl.if @@ -1,4 +1,4 @@ @@ -100681,7 +100682,7 @@ index 8c3c151cb..93b722789 100644 domain_system_change_exemption($1) role_transition $2 saslauthd_initrc_exec_t system_r; diff --git a/sasl.te b/sasl.te -index 6c3bc2059..eb05a4920 100644 +index 6c3bc20594..eb05a49202 100644 --- a/sasl.te +++ b/sasl.te @@ -6,12 +6,11 @@ policy_module(sasl, 1.15.1) @@ -100797,7 +100798,7 @@ index 6c3bc2059..eb05a4920 100644 optional_policy(` diff --git a/sbd.fc b/sbd.fc new file mode 100644 -index 000000000..41768eed0 +index 0000000000..41768eed0f --- /dev/null +++ b/sbd.fc @@ -0,0 +1,7 @@ @@ -100810,7 +100811,7 @@ index 000000000..41768eed0 +/var/run/sbd.* -- gen_context(system_u:object_r:sbd_var_run_t,s0) diff --git a/sbd.if b/sbd.if new file mode 100644 -index 000000000..7a058a82a +index 0000000000..7a058a82aa --- /dev/null +++ b/sbd.if @@ -0,0 +1,126 @@ @@ -100942,7 +100943,7 @@ index 000000000..7a058a82a +') diff --git a/sbd.te b/sbd.te new file mode 100644 -index 000000000..5aea5cbe1 +index 0000000000..5aea5cbe1d --- /dev/null +++ b/sbd.te @@ -0,0 +1,71 @@ @@ -101018,7 +101019,7 @@ index 000000000..5aea5cbe1 + +') diff --git a/sblim.fc b/sblim.fc -index 68a550d54..e976fc62e 100644 +index 68a550d54b..e976fc62e8 100644 --- a/sblim.fc +++ b/sblim.fc @@ -1,6 +1,10 @@ @@ -101033,7 +101034,7 @@ index 68a550d54..e976fc62e 100644 /var/run/gather(/.*)? gen_context(system_u:object_r:sblim_var_run_t,s0) diff --git a/sblim.if b/sblim.if -index 98c9e0a88..562666e06 100644 +index 98c9e0a884..562666e065 100644 --- a/sblim.if +++ b/sblim.if @@ -1,8 +1,36 @@ @@ -101227,7 +101228,7 @@ index 98c9e0a88..562666e06 100644 files_search_pids($1) admin_pattern($1, sblim_var_run_t) diff --git a/sblim.te b/sblim.te -index 299756bc8..6a6dc53c7 100644 +index 299756bc85..6a6dc53c71 100644 --- a/sblim.te +++ b/sblim.te @@ -7,13 +7,11 @@ policy_module(sblim, 1.1.0) @@ -101405,7 +101406,7 @@ index 299756bc8..6a6dc53c7 100644 + qemu_getattr_exec(sblim_sfcbd_t) +') diff --git a/screen.fc b/screen.fc -index e7c2cf74f..435aaa61c 100644 +index e7c2cf74fa..435aaa61cf 100644 --- a/screen.fc +++ b/screen.fc @@ -2,8 +2,10 @@ HOME_DIR/\.screen(/.*)? gen_context(system_u:object_r:screen_home_t,s0) @@ -101424,7 +101425,7 @@ index e7c2cf74f..435aaa61c 100644 +/var/run/screen(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0) +/var/run/tmux(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0) diff --git a/screen.if b/screen.if -index be5cce2d3..7b4d6294c 100644 +index be5cce2d37..7b4d6294c3 100644 --- a/screen.if +++ b/screen.if @@ -1,4 +1,4 @@ @@ -101565,7 +101566,7 @@ index be5cce2d3..7b4d6294c 100644 +') + diff --git a/screen.te b/screen.te -index 5466a7327..33598f3b3 100644 +index 5466a73277..33598f3b33 100644 --- a/screen.te +++ b/screen.te @@ -5,9 +5,7 @@ policy_module(screen, 2.6.0) @@ -101707,7 +101708,7 @@ index 5466a7327..33598f3b3 100644 - fs_read_nfs_symlinks(screen_domain) -') diff --git a/sectoolm.fc b/sectoolm.fc -index 64a239453..3f1dac59a 100644 +index 64a239453e..3f1dac59aa 100644 --- a/sectoolm.fc +++ b/sectoolm.fc @@ -1,5 +1,4 @@ @@ -101719,7 +101720,7 @@ index 64a239453..3f1dac59a 100644 +/var/lib/sectool(/.*)? gen_context(system_u:object_r:sectool_var_lib_t,s0) +/var/log/sectool\.log.* -- gen_context(system_u:object_r:sectool_var_log_t,s0) diff --git a/sectoolm.if b/sectoolm.if -index c78a569c3..900745118 100644 +index c78a569c3b..9007451188 100644 --- a/sectoolm.if +++ b/sectoolm.if @@ -1,24 +1,2 @@ @@ -101749,7 +101750,7 @@ index c78a569c3..900745118 100644 - allow sectoolm_t $2:unix_dgram_socket sendto; -') diff --git a/sectoolm.te b/sectoolm.te -index 4bc8c13ea..e05d74d48 100644 +index 4bc8c13eab..e05d74d48a 100644 --- a/sectoolm.te +++ b/sectoolm.te @@ -7,7 +7,7 @@ policy_module(sectoolm, 1.1.0) @@ -101842,7 +101843,7 @@ index 4bc8c13ea..e05d74d48 100644 prelink_domtrans(sectoolm_t) ') diff --git a/sendmail.fc b/sendmail.fc -index d14b6bfc7..da5d41d5c 100644 +index d14b6bfc7b..da5d41d5c0 100644 --- a/sendmail.fc +++ b/sendmail.fc @@ -1,7 +1,8 @@ @@ -101860,7 +101861,7 @@ index d14b6bfc7..da5d41d5c 100644 +/var/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) +/var/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) diff --git a/sendmail.if b/sendmail.if -index 35ad2a733..afdc7da29 100644 +index 35ad2a733b..afdc7da29e 100644 --- a/sendmail.if +++ b/sendmail.if @@ -1,4 +1,4 @@ @@ -102153,7 +102154,7 @@ index 35ad2a733..afdc7da29 100644 + admin_pattern($1, mail_spool_t) ') diff --git a/sendmail.te b/sendmail.te -index 12700b413..8ba299515 100644 +index 12700b4133..8ba2995151 100644 --- a/sendmail.te +++ b/sendmail.te @@ -37,21 +37,23 @@ role sendmail_unconfined_roles types unconfined_sendmail_t; @@ -102341,7 +102342,7 @@ index 12700b413..8ba299515 100644 unconfined_domain(unconfined_sendmail_t) ') diff --git a/sensord.fc b/sensord.fc -index 8185d5a6b..9be989a08 100644 +index 8185d5a6be..9be989a082 100644 --- a/sensord.fc +++ b/sensord.fc @@ -1,5 +1,9 @@ @@ -102355,7 +102356,7 @@ index 8185d5a6b..9be989a08 100644 + /var/run/sensord\.pid -- gen_context(system_u:object_r:sensord_var_run_t,s0) diff --git a/sensord.if b/sensord.if -index d204752b3..85631b346 100644 +index d204752b3a..85631b346f 100644 --- a/sensord.if +++ b/sensord.if @@ -1,35 +1,81 @@ @@ -102453,7 +102454,7 @@ index d204752b3..85631b346 100644 + ') ') diff --git a/sensord.te b/sensord.te -index 5e82fd616..ddb249dfb 100644 +index 5e82fd616c..ddb249dfbe 100644 --- a/sensord.te +++ b/sensord.te @@ -9,27 +9,38 @@ type sensord_t; @@ -102499,7 +102500,7 @@ index 5e82fd616..ddb249dfb 100644 -miscfiles_read_localization(sensord_t) diff --git a/setroubleshoot.fc b/setroubleshoot.fc -index 0b3a971f4..397a5225b 100644 +index 0b3a971f4d..397a5225b0 100644 --- a/setroubleshoot.fc +++ b/setroubleshoot.fc @@ -1,9 +1,9 @@ @@ -102517,7 +102518,7 @@ index 0b3a971f4..397a5225b 100644 -/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0) +/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0) diff --git a/setroubleshoot.if b/setroubleshoot.if -index 3a9a70bef..903109c98 100644 +index 3a9a70befb..903109c987 100644 --- a/setroubleshoot.if +++ b/setroubleshoot.if @@ -1,9 +1,8 @@ @@ -102620,7 +102621,7 @@ index 3a9a70bef..903109c98 100644 logging_list_logs($1) admin_pattern($1, setroubleshoot_var_log_t) diff --git a/setroubleshoot.te b/setroubleshoot.te -index ce6793506..130eca9f1 100644 +index ce6793506e..130eca9f16 100644 --- a/setroubleshoot.te +++ b/setroubleshoot.te @@ -7,43 +7,52 @@ policy_module(setroubleshoot, 1.12.1) @@ -102851,7 +102852,7 @@ index ce6793506..130eca9f1 100644 +') diff --git a/sge.fc b/sge.fc new file mode 100644 -index 000000000..160ddc2b8 +index 0000000000..160ddc2b8a --- /dev/null +++ b/sge.fc @@ -0,0 +1,6 @@ @@ -102863,7 +102864,7 @@ index 000000000..160ddc2b8 + diff --git a/sge.if b/sge.if new file mode 100644 -index 000000000..30f0ec352 +index 0000000000..30f0ec3526 --- /dev/null +++ b/sge.if @@ -0,0 +1,43 @@ @@ -102912,7 +102913,7 @@ index 000000000..30f0ec352 +') diff --git a/sge.te b/sge.te new file mode 100644 -index 000000000..ba26713d2 +index 0000000000..ba26713d2b --- /dev/null +++ b/sge.te @@ -0,0 +1,203 @@ @@ -103120,7 +103121,7 @@ index 000000000..ba26713d2 + nslcd_stream_connect(sge_domain) +') diff --git a/shorewall.if b/shorewall.if -index 1aeef8ac3..d5ce40a96 100644 +index 1aeef8ac39..d5ce40a96d 100644 --- a/shorewall.if +++ b/shorewall.if @@ -1,4 +1,4 @@ @@ -103303,7 +103304,7 @@ index 1aeef8ac3..d5ce40a96 100644 admin_pattern($1, shorewall_etc_t) diff --git a/shorewall.te b/shorewall.te -index 7710b9f76..04af4ec4d 100644 +index 7710b9f76b..04af4ec4d0 100644 --- a/shorewall.te +++ b/shorewall.te @@ -32,8 +32,9 @@ logging_log_file(shorewall_log_t) @@ -103374,7 +103375,7 @@ index 7710b9f76..04af4ec4d 100644 ulogd_search_log(shorewall_t) ') diff --git a/shutdown.fc b/shutdown.fc -index a91f33b0f..631dbc1dc 100644 +index a91f33b0ff..631dbc1dc9 100644 --- a/shutdown.fc +++ b/shutdown.fc @@ -8,4 +8,4 @@ @@ -103384,7 +103385,7 @@ index a91f33b0f..631dbc1dc 100644 -/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0) +/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0) diff --git a/shutdown.if b/shutdown.if -index d1706bf87..3aa7c9fd1 100644 +index d1706bf87f..3aa7c9fd14 100644 --- a/shutdown.if +++ b/shutdown.if @@ -1,30 +1,4 @@ @@ -103540,7 +103541,7 @@ index d1706bf87..3aa7c9fd1 100644 ## ## diff --git a/shutdown.te b/shutdown.te -index e2544e147..2196974f5 100644 +index e2544e147c..2196974f59 100644 --- a/shutdown.te +++ b/shutdown.te @@ -24,7 +24,7 @@ files_pid_file(shutdown_var_run_t) @@ -103589,7 +103590,7 @@ index e2544e147..2196974f5 100644 + xserver_xdm_append_log(shutdown_t) ') diff --git a/slocate.te b/slocate.te -index 7292dc064..26fc8f4bc 100644 +index 7292dc0645..26fc8f4bc9 100644 --- a/slocate.te +++ b/slocate.te @@ -44,8 +44,12 @@ dev_getattr_all_blk_files(locate_t) @@ -103623,7 +103624,7 @@ index 7292dc064..26fc8f4bc 100644 +') + diff --git a/slpd.if b/slpd.if -index ca32e8946..98278dd2c 100644 +index ca32e89463..98278dd2cd 100644 --- a/slpd.if +++ b/slpd.if @@ -1,5 +1,42 @@ @@ -103690,7 +103691,7 @@ index ca32e8946..98278dd2c 100644 + ') diff --git a/slpd.te b/slpd.te -index 731512a66..4ce76cd9c 100644 +index 731512a664..4ce76cd9c3 100644 --- a/slpd.te +++ b/slpd.te @@ -23,7 +23,7 @@ files_pid_file(slpd_var_run_t) @@ -103727,7 +103728,7 @@ index 731512a66..4ce76cd9c 100644 + +sysnet_dns_name_resolve(slpd_t) diff --git a/slrnpull.te b/slrnpull.te -index 59eb07fa9..4626942ae 100644 +index 59eb07fa94..4626942ae2 100644 --- a/slrnpull.te +++ b/slrnpull.te @@ -13,7 +13,7 @@ type slrnpull_var_run_t; @@ -103757,7 +103758,7 @@ index 59eb07fa9..4626942ae 100644 userdom_dontaudit_search_user_home_dirs(slrnpull_t) diff --git a/smartmon.if b/smartmon.if -index e0644b5cf..ea347ccd5 100644 +index e0644b5cfc..ea347ccd52 100644 --- a/smartmon.if +++ b/smartmon.if @@ -42,9 +42,13 @@ interface(`smartmon_admin',` @@ -103776,7 +103777,7 @@ index e0644b5cf..ea347ccd5 100644 domain_system_change_exemption($1) role_transition $2 fsdaemon_initrc_exec_t system_r; diff --git a/smartmon.te b/smartmon.te -index 9cf6582d2..052179c3f 100644 +index 9cf6582d27..052179c3fa 100644 --- a/smartmon.te +++ b/smartmon.te @@ -38,7 +38,7 @@ ifdef(`enable_mls',` @@ -103857,7 +103858,7 @@ index 9cf6582d2..052179c3f 100644 + virt_read_images(fsdaemon_t) ') diff --git a/smokeping.fc b/smokeping.fc -index 335981945..a231ecb56 100644 +index 335981945e..a231ecb561 100644 --- a/smokeping.fc +++ b/smokeping.fc @@ -2,7 +2,7 @@ @@ -103870,7 +103871,7 @@ index 335981945..a231ecb56 100644 /var/lib/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_lib_t,s0) diff --git a/smokeping.if b/smokeping.if -index 1fa51c11f..82e111c80 100644 +index 1fa51c11ff..82e111c80e 100644 --- a/smokeping.if +++ b/smokeping.if @@ -158,8 +158,11 @@ interface(`smokeping_admin',` @@ -103887,7 +103888,7 @@ index 1fa51c11f..82e111c80 100644 smokeping_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/smokeping.te b/smokeping.te -index ec031a031..61a9f8c08 100644 +index ec031a0310..61a9f8c081 100644 --- a/smokeping.te +++ b/smokeping.te @@ -24,6 +24,7 @@ files_type(smokeping_var_lib_t) @@ -103947,7 +103948,7 @@ index ec031a031..61a9f8c08 100644 + netutils_domtrans_ping(smokeping_cgi_script_t) ') diff --git a/smoltclient.te b/smoltclient.te -index b3f2c6f26..4e629a10b 100644 +index b3f2c6f260..4e629a10bc 100644 --- a/smoltclient.te +++ b/smoltclient.te @@ -40,6 +40,7 @@ corenet_tcp_sendrecv_generic_node(smoltclient_t) @@ -103986,7 +103987,7 @@ index b3f2c6f26..4e629a10b 100644 rpm_read_db(smoltclient_t) diff --git a/smsd.fc b/smsd.fc new file mode 100644 -index 000000000..4c3fcec7d +index 0000000000..4c3fcec7da --- /dev/null +++ b/smsd.fc @@ -0,0 +1,11 @@ @@ -104003,7 +104004,7 @@ index 000000000..4c3fcec7d +/var/spool/sms(/.*)? gen_context(system_u:object_r:smsd_spool_t,s0) diff --git a/smsd.if b/smsd.if new file mode 100644 -index 000000000..52450c700 +index 0000000000..52450c7003 --- /dev/null +++ b/smsd.if @@ -0,0 +1,240 @@ @@ -104249,7 +104250,7 @@ index 000000000..52450c700 +') diff --git a/smsd.te b/smsd.te new file mode 100644 -index 000000000..1fad7b8da +index 0000000000..1fad7b8dae --- /dev/null +++ b/smsd.te @@ -0,0 +1,73 @@ @@ -104327,7 +104328,7 @@ index 000000000..1fad7b8da + +sysnet_dns_name_resolve(smsd_t) diff --git a/smstools.if b/smstools.if -index cbfe369a6..6594af373 100644 +index cbfe369a69..6594af373d 100644 --- a/smstools.if +++ b/smstools.if @@ -1,5 +1,81 @@ @@ -104423,7 +104424,7 @@ index cbfe369a6..6594af373 100644 files_search_var_lib($1) diff --git a/snapper.fc b/snapper.fc new file mode 100644 -index 000000000..0a43846a8 +index 0000000000..0a43846a86 --- /dev/null +++ b/snapper.fc @@ -0,0 +1,15 @@ @@ -104444,7 +104445,7 @@ index 000000000..0a43846a8 +/home/(.*/)?\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) diff --git a/snapper.if b/snapper.if new file mode 100644 -index 000000000..6e3a54de7 +index 0000000000..6e3a54de7f --- /dev/null +++ b/snapper.if @@ -0,0 +1,81 @@ @@ -104531,7 +104532,7 @@ index 000000000..6e3a54de7 + diff --git a/snapper.te b/snapper.te new file mode 100644 -index 000000000..5be6d3542 +index 0000000000..5be6d3542b --- /dev/null +++ b/snapper.te @@ -0,0 +1,88 @@ @@ -104624,7 +104625,7 @@ index 000000000..5be6d3542 +') + diff --git a/snmp.fc b/snmp.fc -index 2f0a2f205..1569e3369 100644 +index 2f0a2f2059..1569e33695 100644 --- a/snmp.fc +++ b/snmp.fc @@ -1,6 +1,6 @@ @@ -104651,7 +104652,7 @@ index 2f0a2f205..1569e3369 100644 +/var/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0) /var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0) diff --git a/snmp.if b/snmp.if -index 7a9cc9df7..6085a4160 100644 +index 7a9cc9df74..6085a4160d 100644 --- a/snmp.if +++ b/snmp.if @@ -1,5 +1,23 @@ @@ -104812,7 +104813,7 @@ index 7a9cc9df7..6085a4160 100644 init_labeled_script_domtrans($1, snmpd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/snmp.te b/snmp.te -index 9dcaeb875..e8446db05 100644 +index 9dcaeb8757..e8446db05e 100644 --- a/snmp.te +++ b/snmp.te @@ -26,15 +26,17 @@ files_type(snmpd_var_lib_t) @@ -104913,7 +104914,7 @@ index 9dcaeb875..e8446db05 100644 ') diff --git a/snort.if b/snort.if -index 7d86b3485..5f581804e 100644 +index 7d86b34857..5f581804e2 100644 --- a/snort.if +++ b/snort.if @@ -42,8 +42,11 @@ interface(`snort_admin',` @@ -104945,7 +104946,7 @@ index 7d86b3485..5f581804e 100644 + files_list_pids($1) ') diff --git a/snort.te b/snort.te -index 1af72df55..d545f2aea 100644 +index 1af72df55e..d545f2aea9 100644 --- a/snort.te +++ b/snort.te @@ -29,13 +29,16 @@ files_pid_file(snort_var_run_t) @@ -105010,7 +105011,7 @@ index 1af72df55..d545f2aea 100644 userdom_dontaudit_use_unpriv_user_fds(snort_t) diff --git a/sosreport.if b/sosreport.if -index 634c6b4fa..f6db7a796 100644 +index 634c6b4fa5..f6db7a796d 100644 --- a/sosreport.if +++ b/sosreport.if @@ -42,7 +42,7 @@ interface(`sosreport_run',` @@ -105046,7 +105047,7 @@ index 634c6b4fa..f6db7a796 100644 +') + diff --git a/sosreport.te b/sosreport.te -index f2f507dae..ff7df2c9d 100644 +index f2f507dae3..ff7df2c9d3 100644 --- a/sosreport.te +++ b/sosreport.te @@ -13,15 +13,15 @@ type sosreport_exec_t; @@ -105270,7 +105271,7 @@ index f2f507dae..ff7df2c9d 100644 optional_policy(` diff --git a/soundserver.if b/soundserver.if -index a5abc5a8d..b9eff74cb 100644 +index a5abc5a8db..b9eff74cb8 100644 --- a/soundserver.if +++ b/soundserver.if @@ -38,9 +38,13 @@ interface(`soundserver_admin',` @@ -105289,7 +105290,7 @@ index a5abc5a8d..b9eff74cb 100644 domain_system_change_exemption($1) role_transition $2 soundd_initrc_exec_t system_r; diff --git a/soundserver.te b/soundserver.te -index 0919e0c86..df28aadba 100644 +index 0919e0c866..df28aadba4 100644 --- a/soundserver.te +++ b/soundserver.te @@ -32,7 +32,7 @@ files_pid_file(soundd_var_run_t) @@ -105327,7 +105328,7 @@ index 0919e0c86..df28aadba 100644 userdom_dontaudit_use_unpriv_user_fds(soundd_t) diff --git a/spamassassin.fc b/spamassassin.fc -index e9bd097b7..5724bcf0f 100644 +index e9bd097b79..5724bcf0f2 100644 --- a/spamassassin.fc +++ b/spamassassin.fc @@ -1,20 +1,27 @@ @@ -105392,7 +105393,7 @@ index e9bd097b7..5724bcf0f 100644 +/usr/bin/pyzor -- gen_context(system_u:object_r:spamc_exec_t,s0) +/usr/bin/pyzord -- gen_context(system_u:object_r:spamd_exec_t,s0) diff --git a/spamassassin.if b/spamassassin.if -index 1499b0bbf..e695a62f3 100644 +index 1499b0bbfe..e695a62f34 100644 --- a/spamassassin.if +++ b/spamassassin.if @@ -2,39 +2,45 @@ @@ -105847,7 +105848,7 @@ index 1499b0bbf..e695a62f3 100644 - spamassassin_role($2, $1) ') diff --git a/spamassassin.te b/spamassassin.te -index cc58e3578..c7a301d4f 100644 +index cc58e3578f..c7a301d4fd 100644 --- a/spamassassin.te +++ b/spamassassin.te @@ -7,50 +7,30 @@ policy_module(spamassassin, 2.6.1) @@ -106654,7 +106655,7 @@ index cc58e3578..c7a301d4f 100644 ') diff --git a/speech-dispatcher.fc b/speech-dispatcher.fc new file mode 100644 -index 000000000..545f68233 +index 0000000000..545f68233e --- /dev/null +++ b/speech-dispatcher.fc @@ -0,0 +1,5 @@ @@ -106665,7 +106666,7 @@ index 000000000..545f68233 +/var/log/speech-dispatcher(/.*)? gen_context(system_u:object_r:speech-dispatcher_log_t,s0) diff --git a/speech-dispatcher.if b/speech-dispatcher.if new file mode 100644 -index 000000000..4cb910462 +index 0000000000..4cb9104629 --- /dev/null +++ b/speech-dispatcher.if @@ -0,0 +1,143 @@ @@ -106814,7 +106815,7 @@ index 000000000..4cb910462 +') diff --git a/speech-dispatcher.te b/speech-dispatcher.te new file mode 100644 -index 000000000..473947312 +index 0000000000..4739473123 --- /dev/null +++ b/speech-dispatcher.te @@ -0,0 +1,61 @@ @@ -106880,7 +106881,7 @@ index 000000000..473947312 +dev_read_urand(speech-dispatcher_t) + diff --git a/speedtouch.te b/speedtouch.te -index b38b8b180..eb36653b8 100644 +index b38b8b1801..eb36653b84 100644 --- a/speedtouch.te +++ b/speedtouch.te @@ -39,16 +39,12 @@ dev_read_usbfs(speedmgmt_t) @@ -106901,7 +106902,7 @@ index b38b8b180..eb36653b8 100644 userdom_dontaudit_search_user_home_dirs(speedmgmt_t) diff --git a/squid.fc b/squid.fc -index 0a8b0f7c0..2a569691f 100644 +index 0a8b0f7c02..2a569691f0 100644 --- a/squid.fc +++ b/squid.fc @@ -1,20 +1,29 @@ @@ -106941,7 +106942,7 @@ index 0a8b0f7c0..2a569691f 100644 -/var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) +/var/lightsquid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) diff --git a/squid.if b/squid.if -index 5e1f0534c..e7820bce3 100644 +index 5e1f0534c7..e7820bce39 100644 --- a/squid.if +++ b/squid.if @@ -72,7 +72,7 @@ interface(`squid_rw_stream_sockets',` @@ -106977,7 +106978,7 @@ index 5e1f0534c..e7820bce3 100644 domain_system_change_exemption($1) role_transition $2 squid_initrc_exec_t system_r; diff --git a/squid.te b/squid.te -index 03472ed9b..4b272687e 100644 +index 03472ed9b2..4b272687e2 100644 --- a/squid.te +++ b/squid.te @@ -29,7 +29,7 @@ type squid_cache_t; @@ -107162,7 +107163,7 @@ index 03472ed9b..4b272687e 100644 + cron_system_entry(squid_cron_t, squid_cron_exec_t) +') diff --git a/sssd.fc b/sssd.fc -index dbb005aca..da2394c68 100644 +index dbb005acab..da2394c685 100644 --- a/sssd.fc +++ b/sssd.fc @@ -1,15 +1,23 @@ @@ -107196,7 +107197,7 @@ index dbb005aca..da2394c68 100644 +/var/run/secrets\.socket -s gen_context(system_u:object_r:sssd_var_run_t,s0) +/var/run/\.heim_org\.h5l\.kcm-socket -s gen_context(system_u:object_r:sssd_var_run_t,s0) diff --git a/sssd.if b/sssd.if -index a24045518..2d4b9b2fa 100644 +index a24045518c..2d4b9b2faf 100644 --- a/sssd.if +++ b/sssd.if @@ -1,21 +1,21 @@ @@ -107712,7 +107713,7 @@ index a24045518..2d4b9b2fa 100644 - admin_pattern($1, sssd_log_t) ') diff --git a/sssd.te b/sssd.te -index 2d8db1fa3..07cf9c8ac 100644 +index 2d8db1fa3b..07cf9c8ac6 100644 --- a/sssd.te +++ b/sssd.te @@ -28,51 +28,58 @@ logging_log_file(sssd_var_log_t) @@ -107911,7 +107912,7 @@ index 2d8db1fa3..07cf9c8ac 100644 + diff --git a/stapserver.fc b/stapserver.fc new file mode 100644 -index 000000000..0ccce5918 +index 0000000000..0ccce5918f --- /dev/null +++ b/stapserver.fc @@ -0,0 +1,7 @@ @@ -107924,7 +107925,7 @@ index 000000000..0ccce5918 +/var/run/stap-server(/.*)? gen_context(system_u:object_r:stapserver_var_run_t,s0) diff --git a/stapserver.if b/stapserver.if new file mode 100644 -index 000000000..80c648055 +index 0000000000..80c6480555 --- /dev/null +++ b/stapserver.if @@ -0,0 +1,151 @@ @@ -108083,7 +108084,7 @@ diff --git a/systemtap.te b/stapserver.te similarity index 62% rename from systemtap.te rename to stapserver.te -index ffde36864..fbfffa42a 100644 +index ffde368643..fbfffa42ab 100644 --- a/systemtap.te +++ b/stapserver.te @@ -1,4 +1,4 @@ @@ -108208,7 +108209,7 @@ index ffde36864..fbfffa42a 100644 ') + diff --git a/stunnel.fc b/stunnel.fc -index 49dd63ca1..ae2e798f5 100644 +index 49dd63ca10..ae2e798f55 100644 --- a/stunnel.fc +++ b/stunnel.fc @@ -5,3 +5,5 @@ @@ -108218,7 +108219,7 @@ index 49dd63ca1..ae2e798f5 100644 + +/var/log/stunnel.* -- gen_context(system_u:object_r:stunnel_log_t,s0) diff --git a/stunnel.te b/stunnel.te -index 27a8480bc..89b475bcb 100644 +index 27a8480bc9..89b475bcb7 100644 --- a/stunnel.te +++ b/stunnel.te @@ -12,6 +12,9 @@ init_daemon_domain(stunnel_t, stunnel_exec_t) @@ -108276,7 +108277,7 @@ index 27a8480bc..89b475bcb 100644 + allow stunnel_t stunnel_port_t:tcp_socket name_bind; diff --git a/svnserve.fc b/svnserve.fc -index effffd028..0d5c275de 100644 +index effffd0285..0d5c275de9 100644 --- a/svnserve.fc +++ b/svnserve.fc @@ -1,8 +1,15 @@ @@ -108301,7 +108302,7 @@ index effffd028..0d5c275de 100644 + +/var/log/svnserve(/.*)? gen_context(system_u:object_r:svnserve_log_t,s0) diff --git a/svnserve.if b/svnserve.if -index 2ac91b6e0..a97033d2b 100644 +index 2ac91b6e0a..a97033d2b7 100644 --- a/svnserve.if +++ b/svnserve.if @@ -1,35 +1,119 @@ @@ -108438,7 +108439,7 @@ index 2ac91b6e0..a97033d2b 100644 ') + diff --git a/svnserve.te b/svnserve.te -index 49d688d66..ed880b23c 100644 +index 49d688d66b..ed880b23c9 100644 --- a/svnserve.te +++ b/svnserve.te @@ -12,12 +12,21 @@ init_daemon_domain(svnserve_t, svnserve_exec_t) @@ -108520,7 +108521,7 @@ index 49d688d66..ed880b23c 100644 +') diff --git a/swift.fc b/swift.fc new file mode 100644 -index 000000000..6d897bc25 +index 0000000000..6d897bc25f --- /dev/null +++ b/swift.fc @@ -0,0 +1,36 @@ @@ -108562,7 +108563,7 @@ index 000000000..6d897bc25 +') diff --git a/swift.if b/swift.if new file mode 100644 -index 000000000..af26807a7 +index 0000000000..af26807a78 --- /dev/null +++ b/swift.if @@ -0,0 +1,156 @@ @@ -108724,7 +108725,7 @@ index 000000000..af26807a7 +') diff --git a/swift.te b/swift.te new file mode 100644 -index 000000000..c2f086fe7 +index 0000000000..c2f086fe70 --- /dev/null +++ b/swift.te @@ -0,0 +1,129 @@ @@ -108859,14 +108860,14 @@ index 000000000..c2f086fe7 +') diff --git a/swift_alias.fc b/swift_alias.fc new file mode 100644 -index 000000000..b7db25411 +index 0000000000..b7db25411d --- /dev/null +++ b/swift_alias.fc @@ -0,0 +1 @@ +# Empty diff --git a/swift_alias.if b/swift_alias.if new file mode 100644 -index 000000000..3fed1a374 +index 0000000000..3fed1a374f --- /dev/null +++ b/swift_alias.if @@ -0,0 +1,2 @@ @@ -108874,7 +108875,7 @@ index 000000000..3fed1a374 +## swift_alias policy module diff --git a/swift_alias.te b/swift_alias.te new file mode 100644 -index 000000000..6e39c4fff +index 0000000000..6e39c4ffff --- /dev/null +++ b/swift_alias.te @@ -0,0 +1,26 @@ @@ -108905,7 +108906,7 @@ index 000000000..6e39c4fff + + diff --git a/sxid.te b/sxid.te -index 01a9d0acd..154872e4b 100644 +index 01a9d0acd6..154872e4bf 100644 --- a/sxid.te +++ b/sxid.te @@ -40,7 +40,6 @@ kernel_read_kernel_sysctls(sxid_t) @@ -108935,7 +108936,7 @@ index 01a9d0acd..154872e4b 100644 userdom_dontaudit_use_unpriv_user_fds(sxid_t) diff --git a/sysstat.te b/sysstat.te -index b92f6775a..efb2f855c 100644 +index b92f6775a5..efb2f855c4 100644 --- a/sysstat.te +++ b/sysstat.te @@ -20,13 +20,11 @@ logging_log_file(sysstat_log_t) @@ -108994,7 +108995,7 @@ index b92f6775a..efb2f855c 100644 + diff --git a/systemtap.fc b/systemtap.fc deleted file mode 100644 -index 1710cbbe8..000000000 +index 1710cbbe8f..0000000000 --- a/systemtap.fc +++ /dev/null @@ -1,11 +0,0 @@ @@ -109011,7 +109012,7 @@ index 1710cbbe8..000000000 -/var/run/stap-server(/.*)? gen_context(system_u:object_r:stapserver_var_run_t,s0) diff --git a/systemtap.if b/systemtap.if deleted file mode 100644 -index c755e2d93..000000000 +index c755e2d93c..0000000000 --- a/systemtap.if +++ /dev/null @@ -1,45 +0,0 @@ @@ -109062,7 +109063,7 @@ index c755e2d93..000000000 -') diff --git a/tangd.fc b/tangd.fc new file mode 100644 -index 000000000..530593ba5 +index 0000000000..530593ba51 --- /dev/null +++ b/tangd.fc @@ -0,0 +1,10 @@ @@ -109078,7 +109079,7 @@ index 000000000..530593ba5 +/var/db/tang(/.*)? gen_context(system_u:object_r:tangd_db_t,s0) diff --git a/tangd.if b/tangd.if new file mode 100644 -index 000000000..37c8b6908 +index 0000000000..37c8b69087 --- /dev/null +++ b/tangd.if @@ -0,0 +1,40 @@ @@ -109124,7 +109125,7 @@ index 000000000..37c8b6908 + diff --git a/tangd.te b/tangd.te new file mode 100644 -index 000000000..ee4c6a450 +index 0000000000..ee4c6a4502 --- /dev/null +++ b/tangd.te @@ -0,0 +1,49 @@ @@ -109179,7 +109180,7 @@ index 000000000..ee4c6a450 +miscfiles_read_certs(tangd_t) diff --git a/targetd.fc b/targetd.fc new file mode 100644 -index 000000000..c1ef0535f +index 0000000000..c1ef0535ff --- /dev/null +++ b/targetd.fc @@ -0,0 +1,5 @@ @@ -109190,7 +109191,7 @@ index 000000000..c1ef0535f +/usr/lib/systemd/system/targetd.* -- gen_context(system_u:object_r:targetd_unit_file_t,s0) diff --git a/targetd.if b/targetd.if new file mode 100644 -index 000000000..a6e216c73 +index 0000000000..a6e216c732 --- /dev/null +++ b/targetd.if @@ -0,0 +1,167 @@ @@ -109363,7 +109364,7 @@ index 000000000..a6e216c73 + diff --git a/targetd.te b/targetd.te new file mode 100644 -index 000000000..3496fd830 +index 0000000000..3496fd830a --- /dev/null +++ b/targetd.te @@ -0,0 +1,115 @@ @@ -109483,7 +109484,7 @@ index 000000000..3496fd830 +') + diff --git a/tcpd.te b/tcpd.te -index 2d6d2c23d..db18a804b 100644 +index 2d6d2c23d6..db18a804b4 100644 --- a/tcpd.te +++ b/tcpd.te @@ -23,7 +23,6 @@ manage_dirs_pattern(tcpd_t, tcpd_tmp_t, tcpd_tmp_t) @@ -109512,7 +109513,7 @@ index 2d6d2c23d..db18a804b 100644 inetd_domtrans_child(tcpd_t) diff --git a/tcsd.if b/tcsd.if -index b42ec1d83..91b8f71dc 100644 +index b42ec1d832..91b8f71dc6 100644 --- a/tcsd.if +++ b/tcsd.if @@ -138,8 +138,11 @@ interface(`tcsd_admin',` @@ -109529,7 +109530,7 @@ index b42ec1d83..91b8f71dc 100644 tcsd_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/tcsd.te b/tcsd.te -index b26d44a8c..5a79afdb5 100644 +index b26d44a8ce..5a79afdb58 100644 --- a/tcsd.te +++ b/tcsd.te @@ -20,7 +20,7 @@ files_type(tcsd_var_lib_t) @@ -109555,7 +109556,7 @@ index b26d44a8c..5a79afdb5 100644 - -miscfiles_read_localization(tcsd_t) diff --git a/telepathy.fc b/telepathy.fc -index 6c7f8f8a3..03fc88079 100644 +index 6c7f8f8a39..03fc880795 100644 --- a/telepathy.fc +++ b/telepathy.fc @@ -1,35 +1,23 @@ @@ -109614,7 +109615,7 @@ index 6c7f8f8a3..03fc88079 100644 +/usr/libexec/telepathy-stream-engine -- gen_context(system_u:object_r:telepathy_stream_engine_exec_t, s0) +/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0) diff --git a/telepathy.if b/telepathy.if -index 42946bc10..9f70e4cf1 100644 +index 42946bc10b..9f70e4cf17 100644 --- a/telepathy.if +++ b/telepathy.if @@ -2,45 +2,39 @@ @@ -110031,7 +110032,7 @@ index 42946bc10..9f70e4cf1 100644 + can_exec($1, telepathy_executable) ') diff --git a/telepathy.te b/telepathy.te -index 9afcbc95c..b19622dc6 100644 +index 9afcbc95c2..b19622dc66 100644 --- a/telepathy.te +++ b/telepathy.te @@ -2,28 +2,27 @@ policy_module(telepathy, 1.4.2) @@ -110602,7 +110603,7 @@ index 9afcbc95c..b19622dc6 100644 ') + diff --git a/telnet.te b/telnet.te -index d7c863369..0d3d4392a 100644 +index d7c8633695..0d3d4392ad 100644 --- a/telnet.te +++ b/telnet.te @@ -27,19 +27,22 @@ files_pid_file(telnetd_var_run_t) @@ -110672,7 +110673,7 @@ index d7c863369..0d3d4392a 100644 kerberos_use(telnetd_t) ') diff --git a/tftp.fc b/tftp.fc -index 3dd87daf5..0d13384b0 100644 +index 3dd87daf5f..0d13384b01 100644 --- a/tftp.fc +++ b/tftp.fc @@ -1,9 +1,9 @@ @@ -110690,7 +110691,7 @@ index 3dd87daf5..0d13384b0 100644 -/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0) +/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0) diff --git a/tftp.if b/tftp.if -index 9957e300d..cd2132109 100644 +index 9957e300d8..cd2132109e 100644 --- a/tftp.if +++ b/tftp.if @@ -1,8 +1,8 @@ @@ -110958,7 +110959,7 @@ index 9957e300d..cd2132109 100644 + tftp_manage_config($1) ') diff --git a/tftp.te b/tftp.te -index cfaa2a19c..a9bc6f1ff 100644 +index cfaa2a19c8..a9bc6f1ff7 100644 --- a/tftp.te +++ b/tftp.te @@ -6,30 +6,24 @@ policy_module(tftp, 1.13.0) @@ -111126,7 +111127,7 @@ index cfaa2a19c..a9bc6f1ff 100644 optional_policy(` diff --git a/tgtd.fc b/tgtd.fc -index 38389e675..ae0f9ab51 100644 +index 38389e6754..ae0f9ab51f 100644 --- a/tgtd.fc +++ b/tgtd.fc @@ -1,7 +1,4 @@ @@ -111142,7 +111143,7 @@ index 38389e675..ae0f9ab51 100644 +/var/lib/tgtd(/.*)? gen_context(system_u:object_r:tgtd_var_lib_t,s0) +/var/run/tgtd.* gen_context(system_u:object_r:tgtd_var_run_t,s0) diff --git a/tgtd.if b/tgtd.if -index 5406b6ee8..dc5b46e28 100644 +index 5406b6ee8b..dc5b46e280 100644 --- a/tgtd.if +++ b/tgtd.if @@ -97,6 +97,6 @@ interface(`tgtd_admin',` @@ -111154,7 +111155,7 @@ index 5406b6ee8..dc5b46e28 100644 admin_pattern($1, tgtd_tmpfs_t) ') diff --git a/tgtd.te b/tgtd.te -index d01096386..65498f7a4 100644 +index d010963868..65498f7a4a 100644 --- a/tgtd.te +++ b/tgtd.te @@ -29,8 +29,8 @@ files_pid_file(tgtd_var_run_t) @@ -111210,7 +111211,7 @@ index d01096386..65498f7a4 100644 ') diff --git a/thin.fc b/thin.fc new file mode 100644 -index 000000000..1f8a9086c +index 0000000000..1f8a9086c0 --- /dev/null +++ b/thin.fc @@ -0,0 +1,12 @@ @@ -111228,7 +111229,7 @@ index 000000000..1f8a9086c +/var/run/thin(/.*)? gen_context(system_u:object_r:thin_var_run_t,s0) diff --git a/thin.if b/thin.if new file mode 100644 -index 000000000..5e3637e63 +index 0000000000..5e3637e639 --- /dev/null +++ b/thin.if @@ -0,0 +1,64 @@ @@ -111298,7 +111299,7 @@ index 000000000..5e3637e63 +') diff --git a/thin.te b/thin.te new file mode 100644 -index 000000000..e66fc8c34 +index 0000000000..e66fc8c34b --- /dev/null +++ b/thin.te @@ -0,0 +1,115 @@ @@ -111419,7 +111420,7 @@ index 000000000..e66fc8c34 +files_pid_filetrans(thin_aeolus_configserver_t, thin_aeolus_configserver_var_run_t, { dir file }) diff --git a/thumb.fc b/thumb.fc new file mode 100644 -index 000000000..115bf6c42 +index 0000000000..115bf6c42f --- /dev/null +++ b/thumb.fc @@ -0,0 +1,17 @@ @@ -111442,7 +111443,7 @@ index 000000000..115bf6c42 +/usr/lib/tumbler-?[^/]*/tumblerd -- gen_context(system_u:object_r:thumb_exec_t,s0) diff --git a/thumb.if b/thumb.if new file mode 100644 -index 000000000..d371f62f6 +index 0000000000..d371f62f60 --- /dev/null +++ b/thumb.if @@ -0,0 +1,153 @@ @@ -111601,7 +111602,7 @@ index 000000000..d371f62f6 +') diff --git a/thumb.te b/thumb.te new file mode 100644 -index 000000000..a66e74723 +index 0000000000..a66e74723f --- /dev/null +++ b/thumb.te @@ -0,0 +1,164 @@ @@ -111770,7 +111771,7 @@ index 000000000..a66e74723 + corenet_dontaudit_udp_bind_generic_node(thumb_t) +') diff --git a/thunderbird.te b/thunderbird.te -index 5e867da56..b25ea6e08 100644 +index 5e867da56e..b25ea6e08b 100644 --- a/thunderbird.te +++ b/thunderbird.te @@ -53,7 +53,6 @@ kernel_read_system_state(thunderbird_t) @@ -111825,7 +111826,7 @@ index 5e867da56..b25ea6e08 100644 ifndef(`enable_mls',` fs_search_removable(thunderbird_t) diff --git a/timidity.te b/timidity.te -index 97cd15589..49321a5bf 100644 +index 97cd15589c..49321a5bf0 100644 --- a/timidity.te +++ b/timidity.te @@ -36,7 +36,6 @@ fs_tmpfs_filetrans(timidity_t, timidity_tmpfs_t, { dir file lnk_file sock_file f @@ -111847,7 +111848,7 @@ index 97cd15589..49321a5bf 100644 fs_search_auto_mountpoints(timidity_t) diff --git a/tlp.fc b/tlp.fc new file mode 100644 -index 000000000..eef708d92 +index 0000000000..eef708d929 --- /dev/null +++ b/tlp.fc @@ -0,0 +1,7 @@ @@ -111860,7 +111861,7 @@ index 000000000..eef708d92 +/var/run/tlp(/.*)? gen_context(system_u:object_r:tlp_var_run_t,s0) diff --git a/tlp.if b/tlp.if new file mode 100644 -index 000000000..368e18842 +index 0000000000..368e188425 --- /dev/null +++ b/tlp.if @@ -0,0 +1,184 @@ @@ -112050,7 +112051,7 @@ index 000000000..368e18842 +') diff --git a/tlp.te b/tlp.te new file mode 100644 -index 000000000..80e71067a +index 0000000000..80e71067a3 --- /dev/null +++ b/tlp.te @@ -0,0 +1,95 @@ @@ -112150,7 +112151,7 @@ index 000000000..80e71067a + udev_domtrans(tlp_t) +') diff --git a/tmpreaper.te b/tmpreaper.te -index 585a77f95..0aca5b5fb 100644 +index 585a77f951..0aca5b5fb2 100644 --- a/tmpreaper.te +++ b/tmpreaper.te @@ -5,37 +5,74 @@ policy_module(tmpreaper, 1.7.1) @@ -112317,7 +112318,7 @@ index 585a77f95..0aca5b5fb 100644 + diff --git a/tomcat.fc b/tomcat.fc new file mode 100644 -index 000000000..1a401e366 +index 0000000000..1a401e3667 --- /dev/null +++ b/tomcat.fc @@ -0,0 +1,13 @@ @@ -112336,7 +112337,7 @@ index 000000000..1a401e366 +/var/run/tomcat6?\.pid -- gen_context(system_u:object_r:tomcat_var_run_t,s0) diff --git a/tomcat.if b/tomcat.if new file mode 100644 -index 000000000..6e6923b7e +index 0000000000..6e6923b7e4 --- /dev/null +++ b/tomcat.if @@ -0,0 +1,399 @@ @@ -112741,7 +112742,7 @@ index 000000000..6e6923b7e +') diff --git a/tomcat.te b/tomcat.te new file mode 100644 -index 000000000..4f16df698 +index 0000000000..4f16df698e --- /dev/null +++ b/tomcat.te @@ -0,0 +1,168 @@ @@ -112914,7 +112915,7 @@ index 000000000..4f16df698 + allow tomcat_domain self:process { execmem execstack }; +') diff --git a/tor.fc b/tor.fc -index dce42ecc5..b6b67bffe 100644 +index dce42ecc55..b6b67bffe2 100644 --- a/tor.fc +++ b/tor.fc @@ -5,6 +5,8 @@ @@ -112927,7 +112928,7 @@ index dce42ecc5..b6b67bffe 100644 /var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) diff --git a/tor.if b/tor.if -index 61c2e07d6..3b860953c 100644 +index 61c2e07d61..3b860953c4 100644 --- a/tor.if +++ b/tor.if @@ -19,6 +19,30 @@ interface(`tor_domtrans',` @@ -112997,7 +112998,7 @@ index 61c2e07d6..3b860953c 100644 + ') ') diff --git a/tor.te b/tor.te -index 5ceacde8c..9c178da36 100644 +index 5ceacde8c1..9c178da360 100644 --- a/tor.te +++ b/tor.te @@ -13,6 +13,13 @@ policy_module(tor, 1.9.0) @@ -113082,7 +113083,7 @@ index 5ceacde8c..9c178da36 100644 seutil_sigchld_newrole(tor_t) ') diff --git a/transproxy.te b/transproxy.te -index 34973ee4c..1c9a4c613 100644 +index 34973ee4cb..1c9a4c6139 100644 --- a/transproxy.te +++ b/transproxy.te @@ -32,7 +32,6 @@ kernel_read_kernel_sysctls(transproxy_t) @@ -113110,7 +113111,7 @@ index 34973ee4c..1c9a4c613 100644 userdom_dontaudit_use_unpriv_user_fds(transproxy_t) diff --git a/tripwire.te b/tripwire.te -index 03aa6b7f0..53c0c7366 100644 +index 03aa6b7f01..53c0c73665 100644 --- a/tripwire.te +++ b/tripwire.te @@ -47,7 +47,7 @@ role twprint_roles types twprint_t; @@ -113162,7 +113163,7 @@ index 03aa6b7f0..53c0c7366 100644 -userdom_use_user_terminals(siggen_t) +userdom_use_inherited_user_terminals(siggen_t) diff --git a/tuned.if b/tuned.if -index e29db63a2..061fb983c 100644 +index e29db63a2b..061fb983c9 100644 --- a/tuned.if +++ b/tuned.if @@ -119,9 +119,13 @@ interface(`tuned_admin',` @@ -113181,7 +113182,7 @@ index e29db63a2..061fb983c 100644 domain_system_change_exemption($1) role_transition $2 tuned_initrc_exec_t system_r; diff --git a/tuned.te b/tuned.te -index 393a33073..76390e2f6 100644 +index 393a330739..76390e2f6a 100644 --- a/tuned.te +++ b/tuned.te @@ -21,6 +21,9 @@ files_config_file(tuned_rw_etc_t) @@ -113325,7 +113326,7 @@ index 393a33073..76390e2f6 100644 + unconfined_domain(tuned_t) +') diff --git a/tvtime.if b/tvtime.if -index 1bb0f7c78..372be2f21 100644 +index 1bb0f7c78a..372be2f213 100644 --- a/tvtime.if +++ b/tvtime.if @@ -1,5 +1,23 @@ @@ -113353,7 +113354,7 @@ index 1bb0f7c78..372be2f21 100644 ## ## Role access for tvtime diff --git a/tvtime.te b/tvtime.te -index afd2d6c3f..3ce900e99 100644 +index afd2d6c3fc..3ce900e99b 100644 --- a/tvtime.te +++ b/tvtime.te @@ -42,7 +42,6 @@ allow tvtime_t self:unix_stream_socket rw_stream_socket_perms; @@ -113399,7 +113400,7 @@ index afd2d6c3f..3ce900e99 100644 optional_policy(` xserver_user_x_domain_template(tvtime, tvtime_t, tvtime_tmpfs_t) diff --git a/tzdata.te b/tzdata.te -index 221c43b84..2b9c49ac1 100644 +index 221c43b846..2b9c49ac1b 100644 --- a/tzdata.te +++ b/tzdata.te @@ -27,11 +27,10 @@ term_dontaudit_list_ptys(tzdata_t) @@ -113416,7 +113417,7 @@ index 221c43b84..2b9c49ac1 100644 optional_policy(` postfix_search_spool(tzdata_t) diff --git a/ucspitcp.te b/ucspitcp.te -index 7745b72e6..329c3d899 100644 +index 7745b72e66..329c3d899b 100644 --- a/ucspitcp.te +++ b/ucspitcp.te @@ -33,7 +33,6 @@ corenet_udp_sendrecv_all_ports(rblsmtpd_t) @@ -113436,7 +113437,7 @@ index 7745b72e6..329c3d899 100644 sysnet_read_config(ucspitcp_t) diff --git a/ulogd.if b/ulogd.if -index 9b95c3ef7..a892845bb 100644 +index 9b95c3ef76..a892845bb0 100644 --- a/ulogd.if +++ b/ulogd.if @@ -123,8 +123,11 @@ interface(`ulogd_admin',` @@ -113453,7 +113454,7 @@ index 9b95c3ef7..a892845bb 100644 init_labeled_script_domtrans($1, ulogd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/ulogd.te b/ulogd.te -index de35e5f4c..e710f37a7 100644 +index de35e5f4c3..e710f37a7a 100644 --- a/ulogd.te +++ b/ulogd.te @@ -29,8 +29,12 @@ logging_log_file(ulogd_var_log_t) @@ -113485,7 +113486,7 @@ index de35e5f4c..e710f37a7 100644 sysnet_dns_name_resolve(ulogd_t) diff --git a/uml.if b/uml.if -index ab5c1d0da..d13105ea7 100644 +index ab5c1d0dae..d13105ea79 100644 --- a/uml.if +++ b/uml.if @@ -32,7 +32,7 @@ interface(`uml_role',` @@ -113498,7 +113499,7 @@ index ab5c1d0da..d13105ea7 100644 allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_exec_t }:dir { manage_dir_perms relabel_dir_perms }; allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_tmpfs_t uml_exec_t }:file { manage_file_perms relabel_file_perms }; diff --git a/uml.te b/uml.te -index b68bd49ff..da0c6912f 100644 +index b68bd49ff7..da0c6912f3 100644 --- a/uml.te +++ b/uml.te @@ -90,7 +90,6 @@ kernel_write_proc_files(uml_t) @@ -113545,7 +113546,7 @@ index b68bd49ff..da0c6912f 100644 userdom_dontaudit_search_user_home_dirs(uml_switch_t) diff --git a/updfstab.te b/updfstab.te -index 5ceb91249..232e9ac93 100644 +index 5ceb912497..232e9ac930 100644 --- a/updfstab.te +++ b/updfstab.te @@ -14,7 +14,7 @@ init_system_domain(updfstab_t, updfstab_exec_t) @@ -113579,7 +113580,7 @@ index 5ceb91249..232e9ac93 100644 optional_policy(` dbus_system_bus_client(updfstab_t) diff --git a/uptime.if b/uptime.if -index 01a3234b6..19f472475 100644 +index 01a3234b64..19f4724757 100644 --- a/uptime.if +++ b/uptime.if @@ -19,7 +19,7 @@ @@ -113592,7 +113593,7 @@ index 01a3234b6..19f472475 100644 ') diff --git a/uptime.te b/uptime.te -index 58397dc31..e6b6a3472 100644 +index 58397dc31a..e6b6a34726 100644 --- a/uptime.te +++ b/uptime.te @@ -16,7 +16,7 @@ type uptimed_initrc_exec_t; @@ -113614,7 +113615,7 @@ index 58397dc31..e6b6a3472 100644 userdom_dontaudit_search_user_home_dirs(uptimed_t) diff --git a/usbmodules.te b/usbmodules.te -index 279e511df..4f79ad697 100644 +index 279e511df1..4f79ad6978 100644 --- a/usbmodules.te +++ b/usbmodules.te @@ -24,8 +24,6 @@ files_list_kernel_modules(usbmodules_t) @@ -113643,7 +113644,7 @@ index 279e511df..4f79ad697 100644 + modutils_read_module_deps(usbmodules_t) +') diff --git a/usbmuxd.fc b/usbmuxd.fc -index 220f6add1..ccbb5dabc 100644 +index 220f6add14..ccbb5dabcb 100644 --- a/usbmuxd.fc +++ b/usbmuxd.fc @@ -1,3 +1,6 @@ @@ -113655,7 +113656,7 @@ index 220f6add1..ccbb5dabc 100644 + +/var/lib/lockdown(/.*)? gen_context(system_u:object_r:usbmuxd_var_lib_t,s0) diff --git a/usbmuxd.if b/usbmuxd.if -index 1ec5e996b..5b6c80bba 100644 +index 1ec5e996bc..5b6c80bbad 100644 --- a/usbmuxd.if +++ b/usbmuxd.if @@ -38,3 +38,67 @@ interface(`usbmuxd_stream_connect',` @@ -113727,7 +113728,7 @@ index 1ec5e996b..5b6c80bba 100644 + allow $1 usbmuxd_unit_file_t:service all_service_perms; +') diff --git a/usbmuxd.te b/usbmuxd.te -index 34a891755..933baa42d 100644 +index 34a891755c..933baa42d6 100644 --- a/usbmuxd.te +++ b/usbmuxd.te @@ -10,34 +10,58 @@ roleattribute system_r usbmuxd_roles; @@ -113794,7 +113795,7 @@ index 34a891755..933baa42d 100644 + virt_dontaudit_read_chr_dev(usbmuxd_t) +') diff --git a/userhelper.fc b/userhelper.fc -index c416a833e..cd83b89ee 100644 +index c416a833e9..cd83b89ee2 100644 --- a/userhelper.fc +++ b/userhelper.fc @@ -1,5 +1,10 @@ @@ -113814,7 +113815,7 @@ index c416a833e..cd83b89ee 100644 +/usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0) +/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0) diff --git a/userhelper.if b/userhelper.if -index 98b51fd0b..c7e44cada 100644 +index 98b51fd0b4..c7e44cada9 100644 --- a/userhelper.if +++ b/userhelper.if @@ -1,4 +1,4 @@ @@ -114140,7 +114141,7 @@ index 98b51fd0b..c7e44cada 100644 ## ## Execute the consolehelper program diff --git a/userhelper.te b/userhelper.te -index 42cfce06e..b7e3e2532 100644 +index 42cfce06e2..b7e3e25326 100644 --- a/userhelper.te +++ b/userhelper.te @@ -5,11 +5,8 @@ policy_module(userhelper, 1.8.1) @@ -114347,7 +114348,7 @@ index 42cfce06e..b7e3e2532 100644 + fs_search_cifs(consolehelper_domain) ') diff --git a/usernetctl.if b/usernetctl.if -index 7deec55cf..c542887da 100644 +index 7deec55cf8..c542887da3 100644 --- a/usernetctl.if +++ b/usernetctl.if @@ -39,6 +39,7 @@ interface(`usernetctl_domtrans',` @@ -114359,7 +114360,7 @@ index 7deec55cf..c542887da 100644 ') diff --git a/usernetctl.te b/usernetctl.te -index f973af82b..860643991 100644 +index f973af82ba..8606439919 100644 --- a/usernetctl.te +++ b/usernetctl.te @@ -6,19 +6,19 @@ policy_module(usernetctl, 1.7.0) @@ -114426,7 +114427,7 @@ index f973af82b..860643991 100644 ppp_run(usernetctl_t, usernetctl_roles) ') diff --git a/uucp.if b/uucp.if -index af9acc0d3..cdaf82e21 100644 +index af9acc0d3c..cdaf82e214 100644 --- a/uucp.if +++ b/uucp.if @@ -90,11 +90,6 @@ interface(`uucp_domtrans_uux',` @@ -114462,7 +114463,7 @@ index af9acc0d3..cdaf82e21 100644 admin_pattern($1, uucpd_log_t) diff --git a/uucp.te b/uucp.te -index 849f607b1..e01ec6d2e 100644 +index 849f607b14..e01ec6d2e9 100644 --- a/uucp.te +++ b/uucp.te @@ -31,7 +31,7 @@ type uucpd_ro_t; @@ -114535,7 +114536,7 @@ index 849f607b1..e01ec6d2e 100644 + postfix_rw_inherited_master_pipes(uux_t) +') diff --git a/uuidd.if b/uuidd.if -index 6e4865333..6abf74a90 100644 +index 6e48653331..6abf74a905 100644 --- a/uuidd.if +++ b/uuidd.if @@ -148,11 +148,12 @@ interface(`uuidd_read_pid_files',` @@ -114563,7 +114564,7 @@ index 6e4865333..6abf74a90 100644 uuidd_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/uuidd.te b/uuidd.te -index f8e52fc97..b283c25f7 100644 +index f8e52fc97b..b283c25f72 100644 --- a/uuidd.te +++ b/uuidd.te @@ -42,6 +42,4 @@ dev_read_urand(uuidd_t) @@ -114574,7 +114575,7 @@ index f8e52fc97..b283c25f7 100644 -miscfiles_read_localization(uuidd_t) diff --git a/uwimap.te b/uwimap.te -index acdc78ae7..9e5ee472d 100644 +index acdc78ae70..9e5ee472d9 100644 --- a/uwimap.te +++ b/uwimap.te @@ -20,7 +20,7 @@ files_pid_file(imapd_var_run_t) @@ -114613,7 +114614,7 @@ index acdc78ae7..9e5ee472d 100644 userdom_dontaudit_use_unpriv_user_fds(imapd_t) diff --git a/varnishd.if b/varnishd.if -index 1c35171d8..2cba4dfea 100644 +index 1c35171d83..2cba4dfeaa 100644 --- a/varnishd.if +++ b/varnishd.if @@ -153,12 +153,16 @@ interface(`varnishd_manage_log',` @@ -114650,7 +114651,7 @@ index 1c35171d8..2cba4dfea 100644 domain_system_change_exemption($1) role_transition $2 varnishd_initrc_exec_t system_r; diff --git a/varnishd.te b/varnishd.te -index 9d4d8cbb0..3b30d5ac5 100644 +index 9d4d8cbb09..3b30d5ac5e 100644 --- a/varnishd.te +++ b/varnishd.te @@ -21,7 +21,7 @@ type varnishd_initrc_exec_t; @@ -114707,7 +114708,7 @@ index 9d4d8cbb0..3b30d5ac5 100644 files_search_var_lib(varnishlog_t) diff --git a/vbetool.te b/vbetool.te -index 2a61f7526..cea4ee220 100644 +index 2a61f75266..cea4ee2203 100644 --- a/vbetool.te +++ b/vbetool.te @@ -26,7 +26,8 @@ role vbetool_roles types vbetool_t; @@ -114729,7 +114730,7 @@ index 2a61f7526..cea4ee220 100644 tunable_policy(`vbetool_mmap_zero_ignore',` dontaudit vbetool_t self:memprotect mmap_zero; diff --git a/vdagent.if b/vdagent.if -index 31c752ea6..ef522355b 100644 +index 31c752ea64..ef522355bd 100644 --- a/vdagent.if +++ b/vdagent.if @@ -24,15 +24,15 @@ interface(`vdagent_domtrans',` @@ -114826,7 +114827,7 @@ index 31c752ea6..ef522355b 100644 init_labeled_script_domtrans($1, vdagentd_initrc_exec_t) domain_system_change_exemption($1) diff --git a/vdagent.te b/vdagent.te -index 87da8a24d..70531c93e 100644 +index 87da8a24d6..70531c93ee 100644 --- a/vdagent.te +++ b/vdagent.te @@ -25,6 +25,7 @@ logging_log_file(vdagent_log_t) @@ -114870,7 +114871,7 @@ index 87da8a24d..70531c93e 100644 dbus_system_bus_client(vdagent_t) diff --git a/vhostmd.if b/vhostmd.if -index 22edd58f8..c3a536427 100644 +index 22edd58f83..c3a536427f 100644 --- a/vhostmd.if +++ b/vhostmd.if @@ -216,9 +216,13 @@ interface(`vhostmd_admin',` @@ -114889,7 +114890,7 @@ index 22edd58f8..c3a536427 100644 domain_system_change_exemption($1) role_transition $2 vhostmd_initrc_exec_t system_r; diff --git a/vhostmd.te b/vhostmd.te -index 3d11c6a3d..2eb57ded1 100644 +index 3d11c6a3d8..2eb57ded1c 100644 --- a/vhostmd.te +++ b/vhostmd.te @@ -23,7 +23,7 @@ files_pid_file(vhostmd_var_run_t) @@ -114926,7 +114927,7 @@ index 3d11c6a3d..2eb57ded1 100644 optional_policy(` diff --git a/virt.fc b/virt.fc -index a4f20bcfc..5172dcec4 100644 +index a4f20bcfcb..5172dcec43 100644 --- a/virt.fc +++ b/virt.fc @@ -1,51 +1,113 @@ @@ -115082,7 +115083,7 @@ index a4f20bcfc..5172dcec4 100644 +/var/log/qemu-ga\.log.* -- gen_context(system_u:object_r:virt_qemu_ga_log_t,s0) +/var/log/qemu-ga(/.*)? gen_context(system_u:object_r:virt_qemu_ga_log_t,s0) diff --git a/virt.if b/virt.if -index facdee8b3..b149565d0 100644 +index facdee8b32..b149565d04 100644 --- a/virt.if +++ b/virt.if @@ -1,120 +1,104 @@ @@ -117265,7 +117266,7 @@ index facdee8b3..b149565d0 100644 ') + diff --git a/virt.te b/virt.te -index f03dcf567..2f3c11215 100644 +index f03dcf5673..2f3c112159 100644 --- a/virt.te +++ b/virt.te @@ -1,451 +1,401 @@ @@ -119601,7 +119602,7 @@ index f03dcf567..2f3c11215 100644 + +allow sandbox_caps_domain self:capability { chown dac_read_search dac_override fowner kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap }; diff --git a/vlock.te b/vlock.te -index 6b72968ea..de409cc61 100644 +index 6b72968ea8..de409cc610 100644 --- a/vlock.te +++ b/vlock.te @@ -38,7 +38,7 @@ auth_use_pam(vlock_t) @@ -119616,7 +119617,7 @@ index 6b72968ea..de409cc61 100644 +userdom_use_inherited_user_terminals(vlock_t) diff --git a/vmtools.fc b/vmtools.fc new file mode 100644 -index 000000000..bcada182c +index 0000000000..bcada182cc --- /dev/null +++ b/vmtools.fc @@ -0,0 +1,8 @@ @@ -119630,7 +119631,7 @@ index 000000000..bcada182c +/usr/lib/systemd/system/vmtoolsd.* -- gen_context(system_u:object_r:vmtools_unit_file_t,s0) diff --git a/vmtools.if b/vmtools.if new file mode 100644 -index 000000000..f94feab67 +index 0000000000..f94feab67f --- /dev/null +++ b/vmtools.if @@ -0,0 +1,143 @@ @@ -119779,7 +119780,7 @@ index 000000000..f94feab67 +') diff --git a/vmtools.te b/vmtools.te new file mode 100644 -index 000000000..c4f3b456b +index 0000000000..c4f3b456bf --- /dev/null +++ b/vmtools.te @@ -0,0 +1,136 @@ @@ -119920,7 +119921,7 @@ index 000000000..c4f3b456b + ') +') diff --git a/vmware.if b/vmware.if -index 20a1fb296..39d21a304 100644 +index 20a1fb2961..39d21a3047 100644 --- a/vmware.if +++ b/vmware.if @@ -26,7 +26,11 @@ interface(`vmware_role',` @@ -119977,7 +119978,7 @@ index 20a1fb296..39d21a304 100644 + manage_files_pattern($1, vmware_log_t, vmware_log_t) +') diff --git a/vmware.te b/vmware.te -index 4ad18944a..dfe8d1f1a 100644 +index 4ad18944a8..dfe8d1f1a8 100644 --- a/vmware.te +++ b/vmware.te @@ -65,7 +65,8 @@ ifdef(`enable_mcs',` @@ -120079,7 +120080,7 @@ index 4ad18944a..dfe8d1f1a 100644 sysnet_dns_name_resolve(vmware_t) diff --git a/vnstatd.if b/vnstatd.if -index 137ac4458..b644854c9 100644 +index 137ac4458e..b644854c99 100644 --- a/vnstatd.if +++ b/vnstatd.if @@ -157,7 +157,6 @@ interface(`vnstatd_manage_lib_files',` @@ -120106,7 +120107,7 @@ index 137ac4458..b644854c9 100644 domain_system_change_exemption($1) role_transition $2 vnstatd_initrc_exec_t system_r; diff --git a/vnstatd.te b/vnstatd.te -index e2220ae7f..85f393b41 100644 +index e2220ae7f0..85f393b418 100644 --- a/vnstatd.te +++ b/vnstatd.te @@ -36,7 +36,7 @@ allow vnstatd_t self:unix_stream_socket { accept listen }; @@ -120163,7 +120164,7 @@ index e2220ae7f..85f393b41 100644 cron_system_entry(vnstat_t, vnstat_exec_t) ') diff --git a/vpn.fc b/vpn.fc -index 524ac2f76..076dcc3e6 100644 +index 524ac2f76d..076dcc3e63 100644 --- a/vpn.fc +++ b/vpn.fc @@ -1,7 +1,13 @@ @@ -120184,7 +120185,7 @@ index 524ac2f76..076dcc3e6 100644 -/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0) +/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0) diff --git a/vpn.if b/vpn.if -index 7a7f34297..afedcba80 100644 +index 7a7f34297b..afedcba80b 100644 --- a/vpn.if +++ b/vpn.if @@ -1,8 +1,8 @@ @@ -120261,7 +120262,7 @@ index 7a7f34297..afedcba80 100644 ## ## diff --git a/vpn.te b/vpn.te -index 95b26d126..3d74e70cc 100644 +index 95b26d1260..3d74e70cc9 100644 --- a/vpn.te +++ b/vpn.te @@ -6,6 +6,7 @@ policy_module(vpn, 1.16.0) @@ -120376,7 +120377,7 @@ index 95b26d126..3d74e70cc 100644 + networkmanager_manage_pid_files(vpnc_t) ') diff --git a/w3c.fc b/w3c.fc -index 463c799f4..227feaf34 100644 +index 463c799f46..227feaf345 100644 --- a/w3c.fc +++ b/w3c.fc @@ -1,4 +1,4 @@ @@ -120388,7 +120389,7 @@ index 463c799f4..227feaf34 100644 +/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:w3c_validator_content_t,s0) +/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:w3c_validator_script_exec_t,s0) diff --git a/w3c.te b/w3c.te -index b14d6a948..d7c79382d 100644 +index b14d6a9481..d7c79382da 100644 --- a/w3c.te +++ b/w3c.te @@ -6,29 +6,37 @@ policy_module(w3c, 1.1.0) @@ -120445,7 +120446,7 @@ index b14d6a948..d7c79382d 100644 -sysnet_dns_name_resolve(httpd_w3c_validator_script_t) +sysnet_dns_name_resolve(w3c_validator_script_t) diff --git a/watchdog.fc b/watchdog.fc -index eecd0e03b..8df2e8ce7 100644 +index eecd0e03b3..8df2e8ce75 100644 --- a/watchdog.fc +++ b/watchdog.fc @@ -1,7 +1,12 @@ @@ -120462,7 +120463,7 @@ index eecd0e03b..8df2e8ce7 100644 /var/run/watchdog\.pid -- gen_context(system_u:object_r:watchdog_var_run_t,s0) diff --git a/watchdog.if b/watchdog.if -index 6461a7746..8fda2dd71 100644 +index 6461a77468..8fda2dd718 100644 --- a/watchdog.if +++ b/watchdog.if @@ -37,3 +37,21 @@ interface(`watchdog_admin',` @@ -120488,7 +120489,7 @@ index 6461a7746..8fda2dd71 100644 + read_lnk_files_pattern($1,watchdog_unconfined_exec_t, watchdog_unconfined_exec_t) +') diff --git a/watchdog.te b/watchdog.te -index 3548317cf..fc3da17d6 100644 +index 3548317cf8..fc3da17d6b 100644 --- a/watchdog.te +++ b/watchdog.te @@ -12,34 +12,47 @@ init_daemon_domain(watchdog_t, watchdog_exec_t) @@ -120617,7 +120618,7 @@ index 3548317cf..fc3da17d6 100644 + ') +') diff --git a/wdmd.fc b/wdmd.fc -index 66f11f724..e051997a6 100644 +index 66f11f7247..e051997a6d 100644 --- a/wdmd.fc +++ b/wdmd.fc @@ -1,5 +1,7 @@ @@ -120631,7 +120632,7 @@ index 66f11f724..e051997a6 100644 -/var/run/wdmd(/.*)? gen_context(system_u:object_r:wdmd_var_run_t,s0) diff --git a/wdmd.if b/wdmd.if -index 1e3aec07f..d17ff392f 100644 +index 1e3aec07f0..d17ff392f1 100644 --- a/wdmd.if +++ b/wdmd.if @@ -1,29 +1,47 @@ @@ -120775,7 +120776,7 @@ index 1e3aec07f..d17ff392f 100644 + ') diff --git a/wdmd.te b/wdmd.te -index 4815a93f4..24dcf5174 100644 +index 4815a93f41..24dcf51740 100644 --- a/wdmd.te +++ b/wdmd.te @@ -45,16 +45,15 @@ corecmd_exec_shell(wdmd_t) @@ -120800,7 +120801,7 @@ index 4815a93f4..24dcf5174 100644 + rhcs_rw_cluster_tmpfs(wdmd_t) ') diff --git a/webadm.te b/webadm.te -index 2a6cae773..d2752d9bb 100644 +index 2a6cae7736..d2752d9bb4 100644 --- a/webadm.te +++ b/webadm.te @@ -25,12 +25,21 @@ role webadm_r; @@ -120855,7 +120856,7 @@ index 2a6cae773..d2752d9bb 100644 tunable_policy(`webadm_manage_user_files',` userdom_manage_user_home_content_files(webadm_t) diff --git a/webalizer.fc b/webalizer.fc -index 64baf679e..76c753b1a 100644 +index 64baf679e3..76c753b1ac 100644 --- a/webalizer.fc +++ b/webalizer.fc @@ -6,4 +6,4 @@ @@ -120865,7 +120866,7 @@ index 64baf679e..76c753b1a 100644 -/var/www/usage(/.*)? gen_context(system_u:object_r:httpd_webalizer_content_t,s0) +/var/www/usage(/.*)? gen_context(system_u:object_r:webalizer_rw_content_t,s0) diff --git a/webalizer.te b/webalizer.te -index ae919b9a5..cdd9359d1 100644 +index ae919b9a52..cdd9359d13 100644 --- a/webalizer.te +++ b/webalizer.te @@ -33,7 +33,7 @@ files_type(webalizer_write_t) @@ -120921,7 +120922,7 @@ index ae919b9a5..cdd9359d1 100644 optional_policy(` diff --git a/wine.if b/wine.if -index fd2b6cc1e..9c4f14b88 100644 +index fd2b6cc1e6..9c4f14b880 100644 --- a/wine.if +++ b/wine.if @@ -1,46 +1,58 @@ @@ -121096,7 +121097,7 @@ index fd2b6cc1e..9c4f14b88 100644 +') + diff --git a/wine.te b/wine.te -index 491b87b44..2a79df407 100644 +index 491b87b44a..2a79df4078 100644 --- a/wine.te +++ b/wine.te @@ -14,10 +14,11 @@ policy_module(wine, 1.11.0) @@ -121198,7 +121199,7 @@ index 491b87b44..2a79df407 100644 ') + diff --git a/wireshark.te b/wireshark.te -index ff6ef3859..436d3bf5a 100644 +index ff6ef38592..436d3bf5ad 100644 --- a/wireshark.te +++ b/wireshark.te @@ -34,7 +34,7 @@ userdom_user_tmpfs_file(wireshark_tmpfs_t) @@ -121253,7 +121254,7 @@ index ff6ef3859..436d3bf5a 100644 optional_policy(` userhelper_use_fd(wireshark_t) diff --git a/wm.fc b/wm.fc -index 304ae09d3..c1d10a11b 100644 +index 304ae09d36..c1d10a11b0 100644 --- a/wm.fc +++ b/wm.fc @@ -1,4 +1,4 @@ @@ -121263,7 +121264,7 @@ index 304ae09d3..c1d10a11b 100644 -/usr/bin/twm -- gen_context(system_u:object_r:wm_exec_t,s0) +/usr/bin/twm -- gen_context(system_u:object_r:wm_exec_t,s0) diff --git a/wm.if b/wm.if -index 95f888d16..48fe249e1 100644 +index 95f888d169..48fe249e15 100644 --- a/wm.if +++ b/wm.if @@ -1,4 +1,4 @@ @@ -121398,7 +121399,7 @@ index 95f888d16..48fe249e1 100644 - allow $1_wm_t $2:dbus send_msg; -') diff --git a/wm.te b/wm.te -index 638d10fc6..5fb996008 100644 +index 638d10fc69..5fb9960089 100644 --- a/wm.te +++ b/wm.te @@ -1,12 +1,12 @@ @@ -121512,7 +121513,7 @@ index 638d10fc6..5fb996008 100644 + xserver_manage_core_devices(wm_domain) +') diff --git a/xen.fc b/xen.fc -index 42d83b02f..651d1cb61 100644 +index 42d83b02fc..651d1cb610 100644 --- a/xen.fc +++ b/xen.fc @@ -1,38 +1,42 @@ @@ -121575,7 +121576,7 @@ index 42d83b02f..651d1cb61 100644 -/xen(/.*)? gen_context(system_u:object_r:xen_image_t,s0) +/xen(/.*)? gen_context(system_u:object_r:xen_image_t,s0) diff --git a/xen.if b/xen.if -index f93558c5a..16e29c141 100644 +index f93558c5ac..16e29c1413 100644 --- a/xen.if +++ b/xen.if @@ -1,13 +1,13 @@ @@ -121842,7 +121843,7 @@ index f93558c5a..16e29c141 100644 files_search_pids($1) diff --git a/xen.te b/xen.te -index 6f736a993..c1ba3ba4b 100644 +index 6f736a9936..c1ba3ba4b9 100644 --- a/xen.te +++ b/xen.te @@ -4,39 +4,31 @@ policy_module(xen, 1.13.0) @@ -122544,7 +122545,7 @@ index 6f736a993..c1ba3ba4b 100644 - fs_manage_xenfs_files(xm_ssh_t) -') diff --git a/xfs.te b/xfs.te -index 0928c5d6a..b9bcf8824 100644 +index 0928c5d6a6..b9bcf8824f 100644 --- a/xfs.te +++ b/xfs.te @@ -23,7 +23,7 @@ files_pid_file(xfs_var_run_t) @@ -122581,7 +122582,7 @@ index 0928c5d6a..b9bcf8824 100644 userdom_dontaudit_use_unpriv_user_fds(xfs_t) diff --git a/xguest.if b/xguest.if -index 4f1d07d71..5c819abe8 100644 +index 4f1d07d718..5c819abe86 100644 --- a/xguest.if +++ b/xguest.if @@ -1,4 +1,4 @@ @@ -122591,7 +122592,7 @@ index 4f1d07d71..5c819abe8 100644 ######################################## ## diff --git a/xguest.te b/xguest.te -index a64aad347..4ddc93c38 100644 +index a64aad347e..4ddc93c386 100644 --- a/xguest.te +++ b/xguest.te @@ -6,46 +6,49 @@ policy_module(xguest, 1.2.0) @@ -122849,7 +122850,7 @@ index a64aad347..4ddc93c38 100644 -#gen_user(xguest_u,, xguest_r, s0, s0) +gen_user(xguest_u, user, xguest_r, s0, s0) diff --git a/xprint.te b/xprint.te -index 3c44d8493..ce5e69d69 100644 +index 3c44d8493b..ce5e69d696 100644 --- a/xprint.te +++ b/xprint.te @@ -32,7 +32,6 @@ kernel_read_kernel_sysctls(xprint_t) @@ -122879,7 +122880,7 @@ index 3c44d8493..ce5e69d69 100644 sysnet_read_config(xprint_t) diff --git a/xscreensaver.te b/xscreensaver.te -index 04096a050..98a8205a7 100644 +index 04096a0502..98a8205a72 100644 --- a/xscreensaver.te +++ b/xscreensaver.te @@ -25,7 +25,6 @@ allow xscreensaver_t self:fifo_file rw_fifo_file_perms; @@ -122903,7 +122904,7 @@ index 04096a050..98a8205a7 100644 xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) diff --git a/yam.te b/yam.te -index 2695db25c..c1ec89384 100644 +index 2695db25cf..c1ec893848 100644 --- a/yam.te +++ b/yam.te @@ -26,7 +26,7 @@ files_tmp_file(yam_tmp_t) @@ -122931,7 +122932,7 @@ index 2695db25c..c1ec89384 100644 userdom_search_user_home_dirs(yam_t) diff --git a/zabbix.fc b/zabbix.fc -index c3b5a819e..c384947f3 100644 +index c3b5a819e9..c384947f31 100644 --- a/zabbix.fc +++ b/zabbix.fc @@ -4,12 +4,22 @@ @@ -122960,7 +122961,7 @@ index c3b5a819e..c384947f3 100644 /var/run/zabbix(/.*)? gen_context(system_u:object_r:zabbix_var_run_t,s0) diff --git a/zabbix.if b/zabbix.if -index dd63de028..7cf8202ab 100644 +index dd63de028f..7cf8202abf 100644 --- a/zabbix.if +++ b/zabbix.if @@ -1,4 +1,4 @@ @@ -123140,7 +123141,7 @@ index dd63de028..7cf8202ab 100644 - admin_pattern($1, zabbix_tmpfs_t) ') diff --git a/zabbix.te b/zabbix.te -index 7f496c617..569f9209f 100644 +index 7f496c6177..569f9209f0 100644 --- a/zabbix.te +++ b/zabbix.te @@ -6,27 +6,45 @@ policy_module(zabbix, 1.6.0) @@ -123511,7 +123512,7 @@ index 7f496c617..569f9209f 100644 + unconfined_domain(zabbix_script_t) +') diff --git a/zarafa.fc b/zarafa.fc -index faf99ed51..44e94fad9 100644 +index faf99ed513..44e94fad9f 100644 --- a/zarafa.fc +++ b/zarafa.fc @@ -1,33 +1,34 @@ @@ -123566,7 +123567,7 @@ index faf99ed51..44e94fad9 100644 +/var/run/zarafa-search\.pid -- gen_context(system_u:object_r:zarafa_indexer_var_run_t,s0) /var/run/zarafa-spooler\.pid -- gen_context(system_u:object_r:zarafa_spooler_var_run_t,s0) diff --git a/zarafa.if b/zarafa.if -index 36e32df6d..3d089626e 100644 +index 36e32df6dc..3d089626ed 100644 --- a/zarafa.if +++ b/zarafa.if @@ -1,55 +1,59 @@ @@ -123753,7 +123754,7 @@ index 36e32df6d..3d089626e 100644 + manage_dirs_pattern($1, zarafa_var_lib_t, zarafa_var_lib_t) ') diff --git a/zarafa.te b/zarafa.te -index 3fded1c4d..8bea5e820 100644 +index 3fded1c4d8..8bea5e820a 100644 --- a/zarafa.te +++ b/zarafa.te @@ -5,9 +5,14 @@ policy_module(zarafa, 1.2.0) @@ -123991,7 +123992,7 @@ index 3fded1c4d..8bea5e820 100644 -miscfiles_read_localization(zarafa_domain) +dev_read_sysfs(zarafa_domain) diff --git a/zebra.fc b/zebra.fc -index 28ee4cac9..bc37f7691 100644 +index 28ee4cac93..bc37f76918 100644 --- a/zebra.fc +++ b/zebra.fc @@ -1,21 +1,34 @@ @@ -124043,7 +124044,7 @@ index 28ee4cac9..bc37f7691 100644 -/var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0) +/var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0) diff --git a/zebra.if b/zebra.if -index 34164017b..e364caf4b 100644 +index 34164017bf..e364caf4bf 100644 --- a/zebra.if +++ b/zebra.if @@ -1,8 +1,8 @@ @@ -124151,7 +124152,7 @@ index 34164017b..e364caf4b 100644 + allow $1 zebra_unit_file_t:service all_service_perms; ') diff --git a/zebra.te b/zebra.te -index 2e80d04fc..5bf04b2d0 100644 +index 2e80d04fc6..5bf04b2d0e 100644 --- a/zebra.te +++ b/zebra.te @@ -6,23 +6,26 @@ policy_module(zebra, 1.13.0) @@ -124305,7 +124306,7 @@ index 2e80d04fc..5bf04b2d0 100644 +') diff --git a/zoneminder.fc b/zoneminder.fc new file mode 100644 -index 000000000..ceaa219dc +index 0000000000..ceaa219dc3 --- /dev/null +++ b/zoneminder.fc @@ -0,0 +1,13 @@ @@ -124324,7 +124325,7 @@ index 000000000..ceaa219dc +/var/spool/zoneminder-upload(/.*)? gen_context(system_u:object_r:zoneminder_spool_t,s0) diff --git a/zoneminder.if b/zoneminder.if new file mode 100644 -index 000000000..fb0519ebf +index 0000000000..fb0519ebfb --- /dev/null +++ b/zoneminder.if @@ -0,0 +1,374 @@ @@ -124704,7 +124705,7 @@ index 000000000..fb0519ebf + diff --git a/zoneminder.te b/zoneminder.te new file mode 100644 -index 000000000..ba1d14974 +index 0000000000..ba1d14974f --- /dev/null +++ b/zoneminder.te @@ -0,0 +1,189 @@ @@ -124898,7 +124899,7 @@ index 000000000..ba1d14974 + ') +') diff --git a/zosremote.if b/zosremote.if -index b14698c4f..16e1581a0 100644 +index b14698c4f5..16e1581a00 100644 --- a/zosremote.if +++ b/zosremote.if @@ -35,6 +35,7 @@ interface(`zosremote_domtrans',` @@ -124910,7 +124911,7 @@ index b14698c4f..16e1581a0 100644 interface(`zosremote_run',` gen_require(` diff --git a/zosremote.te b/zosremote.te -index bc6a5db70..0abdcebcb 100644 +index bc6a5db700..0abdcebcb8 100644 --- a/zosremote.te +++ b/zosremote.te @@ -24,6 +24,4 @@ allow zos_remote_t self:unix_stream_socket { accept listen }; diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index a645977..22adeb0 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 266%{?dist} +Release: 266%{?dist}.1 License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -653,6 +653,10 @@ fi %endif %changelog +* Fri May 15 2020 Zdenek Pytela - 3.13.1-266.1 +- Allow nagios_plugin_domain execute programs in bin directories +Resolves: rhbz#1832219 + * Wed Nov 06 2019 Lukas Vrabec - 3.13.1-266 - Dontaudit tmpreaper_t getting attributes from sysctl_type files Resolves: rhbz#1765063